Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

7957 vulnerabilities found for macOS by Apple

VAR-201801-1712

Vulnerability from variot - Updated: 2026-04-10 23:37

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:

RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch

The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us Version: 5

HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-01-18 Last Updated: 2018-01-17

Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.

Note:

This issue takes advantage of techniques commonly used in many modern processor architectures.
For further information, microprocessor vendors have provided security advisories:

References:

PSRT110635
PSRT110634
PSRT110633
PSRT110632
CVE-2017-5715 - aka Spectre, branch target injection
CVE-2017-5753 - aka Spectre, bounds check bypass
CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE ProLiant DL380 Gen10 Server prior to v1.28
HPE ProLiant DL180 Gen10 Server prior to v1.28
HPE ProLiant DL160 Gen10 Server prior to v1.28
HPE ProLiant DL360 Gen10 Server prior to v1.28
HPE ProLiant ML110 Gen10 Server prior to v1.28
HPE ProLiant DL580 Gen10 Server prior to v1.28
HPE ProLiant DL560 Gen10 Server prior to v1.28
HPE ProLiant DL120 Gen10 Server prior to v1.28
HPE ProLiant ML350 Gen10 Server prior to v1.28
HPE ProLiant XL450 Gen10 Server prior to v1.28
HPE Synergy 660 Gen10 Compute Module prior to v1.28
HPE ProLiant XL170r Gen10 Server prior to v1.28
HPE ProLiant BL460c Gen10 Server Blade prior to v1.28
HPE ProLiant XL190r Gen10 Server prior to v1.28
HPE ProLiant XL230k Gen10 Server prior to v1.28
HPE ProLiant DL385 Gen10 Server prior to v1.04
HPE Synergy 480 Gen10 Compute Module prior to v1.28
HPE ProLiant ML350 Gen10 Server prior to v1.28
HPE ProLiant XL730f Gen9 Server To be delivered
HPE ProLiant XL230a Gen9 Server To be delivered
HPE ProLiant XL740f Gen9 Server To be delivered
HPE ProLiant XL750f Gen9 Server To be delivered
HPE ProLiant XL170r Gen9 Server To be delivered
HP ProLiant DL60 Gen9 Server To be delivered
HPE ProLiant XL450 Gen9 Server To be delivered
HP ProLiant DL160 Gen9 Server To be delivered
HPE Apollo 4200 Gen9 Server To be delivered
HP ProLiant BL460c Gen9 Server Blade To be delivered
HP ProLiant ML110 Gen9 Server To be delivered
HP ProLiant ML150 Gen9 Server To be delivered
HPE ProLiant ML350 Gen9 Server To be delivered
HP ProLiant DL380 Gen9 Server To be delivered
HP ProLiant DL120 Gen9 Server To be delivered
HPE ProLiant DL560 Gen9 Server To be delivered
HP ProLiant BL660c Gen9 Server To be delivered
HPE ProLiant DL20 Gen9 Server To be delivered
HPE Synergy 660 Gen9 Compute Module To be delivered
HPE Synergy 480 Gen9 Compute Module To be delivered
HPE ProLiant ML30 Gen9 Server To be delivered
HPE ProLiant XL250a Gen9 Server To be delivered
HPE ProLiant XL190r Gen9 Server To be delivered
HP ProLiant DL80 Gen9 Server To be delivered
HPE ProLiant DL180 Gen9 Server To be delivered
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To be delivered
HPE ProLiant WS460c Gen9 Workstation To be delivered
HPE ProLiant XL260a Gen9 Server To be delivered
HPE Synergy 620 Gen9 Compute Module To be delivered
HPE ProLiant DL580 Gen9 Server To be delivered
HPE Synergy 680 Gen9 Compute Module To be delivered
HPE ProLiant m510 Server Cartridge prior to v1.62
HPE ProLiant m710p Server Cartridge prior to v12/12/2017
HPE ProLiant m710x Server Cartridge prior to v1.60
HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60)
HPE Synergy Composer prior to 12/12/2017
HPE Integrity Superdome X with BL920s Blades prior to 8.8.6
HP ProLiant DL360 Gen9 Server prior to 2.3.110
HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017
HPE ProLiant ML10 v2 Server prior to 12/12/2017
HPE ProLiant m350 Server Cartridge prior to v1/15/2018
HPE ProLiant m300 Server Cartridge prior to v1/15/2018
HPE ProLiant MicroServer Gen8 prior to 12/12/2017
HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5715
  8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
  6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

CVE-2017-5753
  5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
  5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE-2017-5754
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability:

HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq

Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2015-9016

Ming Lei reported a race condition in the multiqueue block layer
(blk-mq).  On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.

CVE-2017-0861

Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core.  We believe this was not possible in practice.

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.

CVE-2017-5753

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.

More use sites will be added over time.

CVE-2017-13166

A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check. 
A local user could use this to cause a denial of service.

CVE-2017-16526

Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case.  A local user might be able
to use this for denial of service.

CVE-2017-16911

Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users.

CVE-2017-16912

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read.  A remote user able to connect to the
USB/IP server could use this for denial of service.

CVE-2017-16913

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation.  A remote user able to connect to
the USB/IP server could use this for denial of service.

CVE-2017-16914

Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference.  A remote user able to
connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free.  If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.

CVE-2017-18203

Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices.  A local user could
potentially use this for denial of service.

CVE-2017-18216

Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference.  A local user
could use this for denial of service.

CVE-2017-18232

Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port.  This
could lead to a deadlock.  A physically present attacker could
use this to cause a denial of service.

CVE-2017-18241

Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used. 
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.

CVE-2018-1066

Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation.  This could be used
by a malicious server for denial of service.

CVE-2018-1068

The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.

CVE-2018-1092

Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted.  A local user able
to mount arbitrary filesystems could use this for denial of
service.

CVE-2018-5332

Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write.  A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.

CVE-2018-5333

Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference.  A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.

CVE-2018-5750

Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address.

CVE-2018-5803

Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created.  A local or remote user could
use this to cause a denial of service.

CVE-2018-6927

Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.

CVE-2018-7492

The syzkaller tool found that the RDS protocol was lacking a null
pointer check.  A local attacker on a system with the rds module
loaded could use this for denial of service.

CVE-2018-7566

Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations.  This could
lead to an out-of-bounds access or use-after-free.  A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.

CVE-2018-7740

Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset.  A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.

CVE-2018-7757

Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem.  A local user on a system with SAS devices
could use this to cause a denial of service.

CVE-2018-7995

Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver.  This is unlikely to have
any security impact.

CVE-2018-8781

Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset.  A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server.  An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.

CVE-2018-1000004

Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations.  This could lead to a
deadlock or use-after-free.  A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.

CVE-2018-1000199

Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings.  Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

Red Hat would like to thank Google Project Zero for reporting these issues.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:

Image Updates for RHV-H - noarch Management Agent for RHEL 7 Hosts - noarch

The appliance is available to download as an OVA file from the Customer Portal. 6.5) - x86_64
7) - noarch, x86_64
Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ========================================================================== Ubuntu Security Notice USN-3541-2 January 23, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: linux-image-4.13.0-1006-azure 4.13.0-1006.8 linux-image-4.13.0-1007-gcp 4.13.0-1007.10 linux-image-4.13.0-1017-oem 4.13.0-1017.18 linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1 linux-image-azure 4.13.0.1006.7 linux-image-gcp 4.13.0.1007.9 linux-image-generic-hwe-16.04 4.13.0.31.51 linux-image-gke 4.13.0.1007.9 linux-image-lowlatency-hwe-16.04 4.13.0.31.51 linux-image-oem 4.13.0.1017.21

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "xeon e5 2450l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5550"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340"
      },
      {
        "_id": null,
        "model": "vl2 ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "dl ppc15 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "_id": null,
        "model": "virtual machine manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2-23739"
      },
      {
        "_id": null,
        "model": "xeon e5 2430",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc2200 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v3"
      },
      {
        "_id": null,
        "model": "vl2 ppc12 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2677m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5509"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y57"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110"
      },
      {
        "_id": null,
        "model": "xeon e3 1246 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "router manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1.7-6941-1"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4108"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2750"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585l_v5"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2300"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2760"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3830"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y32"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "965"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650u"
      },
      {
        "_id": null,
        "model": "vl2 ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3958"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8894_v4"
      },
      {
        "_id": null,
        "model": "simatic itc1900 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940"
      },
      {
        "_id": null,
        "model": "xeon e5 2470",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2657m"
      },
      {
        "_id": null,
        "model": "btc12",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4308u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5200u"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176f"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3455"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460s"
      },
      {
        "_id": null,
        "model": "xeon e3 1240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "diskstation manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5010u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3010"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010y"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v2"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3445"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10c"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740d"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4617"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200y"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1260l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4558u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520e"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6267u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3338"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5750hq"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.2"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3150"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "655k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775r"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217ue"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3520m"
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770k"
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3200rk"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3537u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700ec"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120"
      },
      {
        "_id": null,
        "model": "bl2 ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1575m_v5"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6102e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2520m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3320m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v3"
      },
      {
        "_id": null,
        "model": "vs960hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2830"
      },
      {
        "_id": null,
        "model": "cortex-a12",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "neoverse n2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3229y"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2560"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8857_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6136"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v2"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8168"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2377m"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3845"
      },
      {
        "_id": null,
        "model": "cortex-a78",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "650"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330m"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3060"
      },
      {
        "_id": null,
        "model": "xeon e3 1280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "820qm"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v2"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3826"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5504"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735f"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4302y"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850eq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5650"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2637m"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v5"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4750hq"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4200"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5506"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5119t"
      },
      {
        "_id": null,
        "model": "vs360hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470"
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850"
      },
      {
        "_id": null,
        "model": "vl ipc p7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5118"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138t"
      },
      {
        "_id": null,
        "model": "vl ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770s"
      },
      {
        "_id": null,
        "model": "simatic winac rtx \\ 2010",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3339y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4960hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590s"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "880"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "960"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6320"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690s"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3110m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2518"
      },
      {
        "_id": null,
        "model": "vl2 ppc7 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5630"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3430"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160m"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y70"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603_v2"
      },
      {
        "_id": null,
        "model": "bl bpc 7001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2320"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4950hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2430 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2515e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "875k"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138f"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920xm"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "12.5.8"
      },
      {
        "_id": null,
        "model": "bl bpc 3001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "470um"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3680"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v4"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610m"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2308"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3630qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570te"
      },
      {
        "_id": null,
        "model": "xeon e3 1286 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700eq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2460"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v4"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2820"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4020y"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5005u"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5649"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607"
      },
      {
        "_id": null,
        "model": "vl2 ppc 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5557u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400t"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3825"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2340ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2538"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "930"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430um"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100h"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2830"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2430m"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2930"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2803"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775d"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3580"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600t"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2810"
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5020u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210y"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3950"
      },
      {
        "_id": null,
        "model": "vl2 bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4102e"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3508"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3230m"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3815"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5606"
      },
      {
        "_id": null,
        "model": "xeon e3 1501l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2350m"
      },
      {
        "_id": null,
        "model": "vl2 ppc9 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712mq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v4"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6360u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735d"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2312m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7530"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5506"
      },
      {
        "_id": null,
        "model": "xeon e5 2440 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1900"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2640m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112e"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330m"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2430l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v4"
      },
      {
        "_id": null,
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4628l_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3337u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v6"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2805"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2718"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3708"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402ec"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2630",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2580"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v4"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1505m_v6"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4260u"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600k"
      },
      {
        "_id": null,
        "model": "xeon e5 2438l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540um"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2730"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2760qm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7600u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v2"
      },
      {
        "_id": null,
        "model": "bl bpc 2001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "740qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4910mq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2467m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3360m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "460m"
      },
      {
        "_id": null,
        "model": "xeon e3 1501m v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6585r"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2470 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4578u"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y30"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3635qm"
      },
      {
        "_id": null,
        "model": "xeon e3 1220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "xeon e3 12201",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5675"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2130"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8550u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5560"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3795"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735g"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v2"
      },
      {
        "_id": null,
        "model": "bl2 bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6152"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7560u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4288u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699r_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc17 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.10"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570s"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x6550"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3470"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5530"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134m"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3235rk"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3475s"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1750"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3230rk"
      },
      {
        "_id": null,
        "model": "xeon e3 1505m v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6287u"
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210h"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8830"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2550"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300y"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v2"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300u"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3758"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v2"
      },
      {
        "_id": null,
        "model": "cortex-a15",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3440"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v3"
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6132"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8156"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2375m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hk"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v2"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5638"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "970"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3858"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340te"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5518"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6154"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210f"
      },
      {
        "_id": null,
        "model": "vl2 ppc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v3"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y71"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5570"
      },
      {
        "_id": null,
        "model": "xeon e5 2408l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1278l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5580"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10a"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7567u"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6098p"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2617m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2910"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3000"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670r"
      },
      {
        "_id": null,
        "model": "simatic itc1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4025u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470s"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126f"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230f"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7555"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2316"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2655le"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4720hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2403",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4000m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2115c"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290f"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2920xm"
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4980hq"
      },
      {
        "_id": null,
        "model": "bl bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675r"
      },
      {
        "_id": null,
        "model": "xeon e3 1231 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2890_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "550"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3710"
      },
      {
        "_id": null,
        "model": "vl bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "990x"
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330e"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "480m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3480"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3460"
      },
      {
        "_id": null,
        "model": "xeon e3 1225",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870_v2"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3538"
      },
      {
        "_id": null,
        "model": "router manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100e"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3700"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1545m_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3530"
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4220y"
      },
      {
        "_id": null,
        "model": "cortex-a75",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc15 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700k"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5603"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870"
      },
      {
        "_id": null,
        "model": "xeon e5 1620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660um"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5680"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745d"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517ue"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5257u"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670s"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5590"
      },
      {
        "_id": null,
        "model": "xeon e3 1271 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4657l_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610me"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "720qm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697a_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3740qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3808"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "950"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8153"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5607"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5520"
      },
      {
        "_id": null,
        "model": "xeon e3 1226 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4410e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2390t"
      },
      {
        "_id": null,
        "model": "bl bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3850"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1800"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2650l_v4"
      },
      {
        "_id": null,
        "model": "dl ppc18.5m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4120u"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2510e"
      },
      {
        "_id": null,
        "model": "xeon e3 1286l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5690"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "370m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6167u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980x"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2665"
      },
      {
        "_id": null,
        "model": "bl ppc12 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5015u"
      },
      {
        "_id": null,
        "model": "xeon e3 1275",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "450m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7545"
      },
      {
        "_id": null,
        "model": "el ppc 1000\\/wt",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3820qm"
      },
      {
        "_id": null,
        "model": "xeon e5 2609",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x5-e3930",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1258l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v3"
      },
      {
        "_id": null,
        "model": "bl ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "760"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3205rk"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6006u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3439y"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2557m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2357m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "840qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3308"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4500u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700eq"
      },
      {
        "_id": null,
        "model": "xeon e5 1650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867l"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620le"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4550u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820eq"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y30"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1281 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7660u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4158u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2880_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860s"
      },
      {
        "_id": null,
        "model": "xeon e-1105c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5539"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2630qm"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2840"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200h"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4400e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4205"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3520"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3115c"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2435m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2807"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120me"
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2407 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100t"
      },
      {
        "_id": null,
        "model": "xeon e5 2430l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl2 ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3295rk"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "975"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2808"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4765t"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "vl2 bpc 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2365m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5650u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1558l_v5"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100e"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114"
      },
      {
        "_id": null,
        "model": "cortex-a77",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6260u"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2610ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2758"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qe"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5502"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5645"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc2200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675c"
      },
      {
        "_id": null,
        "model": "cortex-a72",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5640"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5647"
      },
      {
        "_id": null,
        "model": "xeon bronze 3106",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3689y"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3670"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y31"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3710"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5157u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2620m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4771"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7542"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770d"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2637",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5667"
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736g"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3785"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250f"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v4"
      },
      {
        "_id": null,
        "model": "cortex-a73",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7295"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3750"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4807"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4810mq"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3558"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6540"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v4"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3590"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v3"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3050"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v4"
      },
      {
        "_id": null,
        "model": "xeon bronze 3104",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600u"
      },
      {
        "_id": null,
        "model": "dl ppc21.5m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100m"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3160"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5687"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "661"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4258u"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3805"
      },
      {
        "_id": null,
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "xeon e3 1105c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl rackmount 4u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5620"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2348m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "390m"
      },
      {
        "_id": null,
        "model": "el ppc 1000\\/m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6442eq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8600k"
      },
      {
        "_id": null,
        "model": "bl2 bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3827"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4648_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2125"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2550k"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v2"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.5.0"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc1500 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "cortex-a8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2420",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2720qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8650u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v4"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4100"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2520"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6685r"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4785t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v4"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5618"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2675qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6510"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3555le"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450p"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3955"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4278u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2629m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640m"
      },
      {
        "_id": null,
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2.2-24922"
      },
      {
        "_id": null,
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3840qm"
      },
      {
        "_id": null,
        "model": "simatic itc1900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4760hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2649m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4510u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5600u"
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3530"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030y"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5609"
      },
      {
        "_id": null,
        "model": "xeon e5 1428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3460"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3130"
      },
      {
        "_id": null,
        "model": "vl2 ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3380m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310u"
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330um"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5630"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5670"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3426"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2380p"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500t"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2530"
      },
      {
        "_id": null,
        "model": "cortex-r8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3632qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5503"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3060"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2715qe"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v4"
      },
      {
        "_id": null,
        "model": "vl bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y75"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620lm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "610e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980"
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702ec"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3130m"
      },
      {
        "_id": null,
        "model": "bl ppc15 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-a78ae",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702mq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v4"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8158"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v3"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3265rk"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v3"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1578l_v5"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4000"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3427u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qe"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140m"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7285"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2700k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5575r"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v4"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3687u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3245"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5508"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7235"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2370m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5677"
      },
      {
        "_id": null,
        "model": "hci",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600m"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2850"
      },
      {
        "_id": null,
        "model": "xeon e3 1220l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2105"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700k"
      },
      {
        "_id": null,
        "model": "xeon e5 2407",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2450l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "btc14",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310m"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2900"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6350hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5520"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700"
      },
      {
        "_id": null,
        "model": "cortex-a17",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3227u"
      },
      {
        "_id": null,
        "model": "xeon e3 1235l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-a9",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670t"
      },
      {
        "_id": null,
        "model": "xeon e3 1260l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5122"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660lm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v3"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2738"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770te"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5672"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3317u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3570"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5950hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610"
      },
      {
        "_id": null,
        "model": "xeon e5 1660",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 12201 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2806"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6157u"
      },
      {
        "_id": null,
        "model": "bl2 bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500k"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4202y"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300t"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2338"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "350m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6146"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7520"
      },
      {
        "_id": null,
        "model": "cortex-x1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850"
      },
      {
        "_id": null,
        "model": "atom x5-e3940",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3510"
      },
      {
        "_id": null,
        "model": "xeon e3 1290",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4800mq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770hq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620ue"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3480"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2350"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699a_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2643",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2410m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v3"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5550u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5640"
      },
      {
        "_id": null,
        "model": "bl ppc17 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8164"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2537m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3350p"
      },
      {
        "_id": null,
        "model": "xeon e3 1230l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640lm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5540"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y51"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710hq"
      },
      {
        "_id": null,
        "model": "xeon e3 1245",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v3"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.04"
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1270",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170m"
      },
      {
        "_id": null,
        "model": "bl rackmount 2u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440eq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702hq"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y54"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670"
      },
      {
        "_id": null,
        "model": "neoverse n1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775c"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5500u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940xm"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4005"
      },
      {
        "_id": null,
        "model": "xeon e5 2450 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650l"
      },
      {
        "_id": null,
        "model": "atom x7-e3950",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc17 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-r7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340"
      },
      {
        "_id": null,
        "model": "xeon e3 1276 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3450"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8100"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6128"
      },
      {
        "_id": null,
        "model": "xeon e5 2403 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v4"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2558"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3720qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310m"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4109t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5507"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2420"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2508"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4012y"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5530"
      },
      {
        "_id": null,
        "model": "vl ppc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3405"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350h"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770r"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8180"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210m"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690k"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250"
      },
      {
        "_id": null,
        "model": "bl bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2603",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736f"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3225"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700hq"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5518"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5660"
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3450"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3560"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5287u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qe"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "580m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4105"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570t"
      },
      {
        "_id": null,
        "model": "bl2 ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7500u"
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2367m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2540m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7550"
      },
      {
        "_id": null,
        "model": "xeon e3 1235",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658a_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7540"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4624l_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5528"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735e"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "530"
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700hq"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100u"
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4422e"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2960xm"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5115"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5549"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2940"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3350"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100"
      },
      {
        "_id": null,
        "model": "xeon e3 1290 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340s"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1850"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3160"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3437u"
      },
      {
        "_id": null,
        "model": "dl ppc15m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1241 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2516"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585_v5"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600"
      },
      {
        "_id": null,
        "model": "xeon e3 1230",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570r"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2480"
      },
      {
        "_id": null,
        "model": "bl ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3667u"
      },
      {
        "_id": null,
        "model": "cortex-a57",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2358"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3355"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v4"
      },
      {
        "_id": null,
        "model": "visunet rm shell",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160t"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "8.5.9"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5300u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2635qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2102"
      },
      {
        "_id": null,
        "model": "xeon e5 2440",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4900mq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4005u"
      },
      {
        "_id": null,
        "model": "el ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6150"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4722hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "670"
      },
      {
        "_id": null,
        "model": "simatic winac rtx \\ 2010",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "_id": null,
        "model": "cortex-a76",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1565l_v5"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200u"
      },
      {
        "_id": null,
        "model": "vl bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1275l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2405s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v2"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2420 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6200u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402e"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4880_v2"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4890_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v3"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2920"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150t"
      },
      {
        "_id": null,
        "model": "bl ppc15 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8837"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6402p"
      },
      {
        "_id": null,
        "model": "core m7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y75"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7560"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3406"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7920hq"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2815"
      },
      {
        "_id": null,
        "model": "skynas",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "valueline ipc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2710qe"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3540"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3540m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2328m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8400"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1515m_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6144"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110m"
      },
      {
        "_id": null,
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "11"
      },
      {
        "_id": null,
        "model": "edge",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell emc",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hp",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "qualcomm incorporated",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "_id": null,
        "model": "windows sp1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "v8"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "_id": null,
        "model": "xeon cpu e5-1650",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "v3"
      },
      {
        "_id": null,
        "model": "cortex a57",
        "scope": null,
        "trust": 0.6,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "pro a8-9600 r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": "compute cores 4c+6g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "amd",
        "version": "10"
      },
      {
        "_id": null,
        "model": "fx -8320 eight-core processor",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redhat",
        "version": "-47.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1689.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.924.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375127"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.31"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.891.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.306.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1012"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1005.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1039"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.434.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1311.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.687.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.365.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.879.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.926.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.47255"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.39"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403.157"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.530.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.58"
      },
      {
        "_id": null,
        "model": "facsmelody",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1308.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.633.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.769.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.127"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.785.0"
      },
      {
        "_id": null,
        "model": "pro a8-9600 r7 compute cores 4c+6g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "100"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "_id": null,
        "model": "facscanto ii clinical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.225"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.90"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.385.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.319.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.908.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.204"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.219"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.374.0"
      },
      {
        "_id": null,
        "model": "pyxis ecostation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.23"
      },
      {
        "_id": null,
        "model": "facscanto ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.40"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1043"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.604.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.150"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.756.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.34"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.886.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.123"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.233"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.955.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1082.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.760.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1658.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.368.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.594.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.118"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.743.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.97"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.96365"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357.130"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "63.0.3239.86"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.816.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.393.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.362.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.618.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.628.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.815.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.423.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.802.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.12"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "_id": null,
        "model": "prepstain",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.323.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.804.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.370.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.805.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.789.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.32"
      },
      {
        "_id": null,
        "model": "totalys slideprep",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.315"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.55"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.512.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.109"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "simatic ipc427e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.901.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.729.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.23"
      },
      {
        "_id": null,
        "model": "chrome os beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.130.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.483.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.467.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.200"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.10"
      },
      {
        "_id": null,
        "model": "facslink interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.452.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1017"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.748.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.727.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.379.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.654.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.334.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.862.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.303"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.91"
      },
      {
        "_id": null,
        "model": "facsjazz",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.721.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.90"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201240"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1030"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.51"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.336"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.602.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.211"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1058.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.79"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201240"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.415.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.931.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.722.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.520.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1022"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.651.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.11"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.31"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.476.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.354.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.690.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.570.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.347.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.13"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu730.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.412.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.634.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.329.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1085.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.664.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.26"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu730.3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "lsr ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.596.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.69"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.730.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1060.0"
      },
      {
        "_id": null,
        "model": "pyxis supply roller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.40"
      },
      {
        "_id": null,
        "model": "facscount",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.610.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.422.0"
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.48"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.299.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.371.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.56"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.615.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.599.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.99"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.452.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.102"
      },
      {
        "_id": null,
        "model": "enterprise mrg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "_id": null,
        "model": "focal point linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "-0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.92"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1675.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.28"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.873.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.301.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.116"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.794.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.42"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.781.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.143"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1298.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.157.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.554.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "40.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.631.0"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.102"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.477.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.941.0"
      },
      {
        "_id": null,
        "model": "pyxis cathrack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "v80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.516.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.430.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1684.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.457.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1289.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1008.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.943.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.21"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.609.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.211.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.582.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.589.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.41"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.575.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1663.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1280.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.95"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.726.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1034.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.32"
      },
      {
        "_id": null,
        "model": "rowa dose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.716.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.480.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.45"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.700.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.28"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "_id": null,
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1684.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1652.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.627.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.826.0"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.581.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "_id": null,
        "model": "focal point solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "-0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.544.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.130"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1041"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.336.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.11"
      },
      {
        "_id": null,
        "model": "simatic s7-1518-4 pn/dp odk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1295.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.922.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.638.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.219"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.910.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1686.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "_id": null,
        "model": "simatic ipc427d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.671.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.424.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.39"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.898.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.478.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.465.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.540.0"
      },
      {
        "_id": null,
        "model": "facspresto",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.57"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.46"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1004.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.136"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.935.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.821.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.212.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.492.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.33"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.923.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.16"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.547.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.41"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.948.0"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.74"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.63"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.114"
      },
      {
        "_id": null,
        "model": "pyxis duostation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1024.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.784.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "_id": null,
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.683.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.9.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.425.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.486.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "35.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.747.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.333"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017090"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.27"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1300.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.32"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1028"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.33"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.773.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.26"
      },
      {
        "_id": null,
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.157"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.739.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.19"
      },
      {
        "_id": null,
        "model": "influx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.27"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491059"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.159.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1028.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "65.0.3325.167"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.95"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1013"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.658.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1023"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.761.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.690.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.660.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1676.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1669.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.587.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.16"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.321.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "39.0.2171.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.48"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.861.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.524.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.717.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.9"
      },
      {
        "_id": null,
        "model": "sql server r2 for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200830"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.880.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.607.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.471.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.923.1"
      },
      {
        "_id": null,
        "model": "simatic ipc477d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.89"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.309.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.232"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.778.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.655.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.579.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.694.0"
      },
      {
        "_id": null,
        "model": "bactec",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "90500"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.669.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "_id": null,
        "model": "simatic s7-1500 software controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.80"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.190.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "39.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.400.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.592.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.902.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.444.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.39"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.15"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1272.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.548.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.640.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.020"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.18"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.103"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.759.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.587.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.84"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.314.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.69"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16"
      },
      {
        "_id": null,
        "model": "simatic ipc677d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.13"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1661.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.662.0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.833.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.810.0"
      },
      {
        "_id": null,
        "model": "simotion p320-4e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.871.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1681.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.41"
      },
      {
        "_id": null,
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.3,
        "vendor": "google",
        "version": null
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.649.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.354.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.316.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.692.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "13.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.83"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.17"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.93"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.630.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.154.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.885.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.569.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.89"
      },
      {
        "_id": null,
        "model": "simatic itp3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.962.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1675.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.306.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.295.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.318.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.619.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.14"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1004"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.100"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1033"
      },
      {
        "_id": null,
        "model": "simatic ipc627c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1044"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1679.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.70"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.51"
      },
      {
        "_id": null,
        "model": "enterprise linux for scientific computing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.539.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.661.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.91"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.939.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.474.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.110"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.893.1"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.883.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.306"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.62"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.348.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.2"
      },
      {
        "_id": null,
        "model": "windows server r2 for itanium-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "20.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.120"
      },
      {
        "_id": null,
        "model": "simatic itp1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.935.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.705.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1082.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1016.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.395.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.118"
      },
      {
        "_id": null,
        "model": "ruggedcom rx1400 vpe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.776.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.72"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1075.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.24"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.01"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.535.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.443.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.296.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.107"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.776.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.96379"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.217"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.900.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1074.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.126"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.19"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.611.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.407.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.57"
      },
      {
        "_id": null,
        "model": "pyxis medstation es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.892.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.518.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.346.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1658.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.897.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.421.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.56"
      },
      {
        "_id": null,
        "model": "pyxis stockstation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.0"
      },
      {
        "_id": null,
        "model": "simotion p320-4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "36.0.1985.143"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1003.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.927.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.382.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.23"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.55"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.462.0"
      },
      {
        "_id": null,
        "model": "simatic ipc827d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1021.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.9"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.77"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.818.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.08"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.645.0"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.23"
      },
      {
        "_id": null,
        "model": "chrome ~~~and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1065.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.674.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.905.0"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "facssample prep assistant iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.115"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "20.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.59"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1040.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.939.0"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.758.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.93"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.99"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.184"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.154"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.112"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.15"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.419.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.608.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.675.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.755.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1072.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.435.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.215"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.63"
      },
      {
        "_id": null,
        "model": "pyxis medication administration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.617.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1019.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.685.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.312"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.699.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.453.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.961.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.202"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.341"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.57"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1058"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "56.0.2924.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1662.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1669.3"
      },
      {
        "_id": null,
        "model": "facsverse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.52"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.506.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1054"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.132"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.168"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.16"
      },
      {
        "_id": null,
        "model": "kiestra tla/wca",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1286.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.703.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.668.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.744.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.35"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.31"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "25.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1078.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.328.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.91"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.381.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.144"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1283.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.711.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.330"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.21"
      },
      {
        "_id": null,
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.147"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.797.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.14443"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.521.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.46"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.774.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.350.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.803.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.49"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.623.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.51"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.345.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.215"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1001.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.859.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1674.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.930.0"
      },
      {
        "_id": null,
        "model": "pyxis specimen collection verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.50"
      },
      {
        "_id": null,
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.562.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "55.0.2883.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.798.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.227"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.302"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.416.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.63"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.59"
      },
      {
        "_id": null,
        "model": "gencell clic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.647.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.937.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.90"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.277.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.71"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.350.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.136"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.27"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.867.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.329"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.746.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.38"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.12"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.19"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1287.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.753.0"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1038.0"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.288.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.7"
      },
      {
        "_id": null,
        "model": "phoenix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "bactec fx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.496.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.294.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.728.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.7"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.824.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.706.0"
      },
      {
        "_id": null,
        "model": "lyse wash assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.453.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.35"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.933.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.585.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.557.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.80"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.549.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.111"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.13"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.314.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.207"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.440.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.343.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1053.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.957.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.52"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.573.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1055"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.806.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.13"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.863.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.652.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.29"
      },
      {
        "_id": null,
        "model": "simatic ipc227e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.719.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.952.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.401.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.495.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1019"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.872.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort pro panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1022.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.153"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.341.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.11"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.223"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1657.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1273.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.46"
      },
      {
        "_id": null,
        "model": "rowa vmax system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1274.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1056.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1303.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1015"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.714.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.8"
      },
      {
        "_id": null,
        "model": "pyxis parx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.150"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.230"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.67"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.942.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.128"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.720.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.904.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.212"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.500.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.116"
      },
      {
        "_id": null,
        "model": "pyxis nursing data collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1659.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1052.0"
      },
      {
        "_id": null,
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.305.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "_id": null,
        "model": "data innovations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1034"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.145"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.646.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.697.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.222"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.593.0"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200840"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.100"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.20"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.339.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1060.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.70"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1031.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.626.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.37"
      },
      {
        "_id": null,
        "model": "facslyric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.708.0"
      },
      {
        "_id": null,
        "model": "facscanto 10-color",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "v80"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.559.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.625.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.64"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1009.0"
      },
      {
        "_id": null,
        "model": "facsduet sample prep",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.680.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.326"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1062.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.659.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.881.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.800.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.37599"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.330.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1001"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.18"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1056"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.33"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.768.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.82"
      },
      {
        "_id": null,
        "model": "windows server for itanium-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.871.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.11"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1304.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.670.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.378.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.551.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.0"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu720.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "sinumerik panels wtih integrated tcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1037"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.2"
      },
      {
        "_id": null,
        "model": "pyxis parassist system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.2"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1060"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.611.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.547.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.300.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.509.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.387.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.382.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.290.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22"
      },
      {
        "_id": null,
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.33"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.386.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1056.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.839.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1277.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.38"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.764.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.616.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.45"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.564.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1046"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.50"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.5"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201420"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1081.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.868.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.19"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.220"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.397.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.70"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201420"
      },
      {
        "_id": null,
        "model": "ipad air",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.491.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1054.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.535.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.2"
      },
      {
        "_id": null,
        "model": "enterprise linux for scientific computing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1289.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.825.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.814.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.600.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.566.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.877.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.860.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.475.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1070.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.958.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.94"
      },
      {
        "_id": null,
        "model": "simatic ipc847c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.415.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.10"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "_id": null,
        "model": "simatic itp1000",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v23.01.03"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1020.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.614.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.57"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.344.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.235"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.156.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.715.0"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "kiestra inoqula standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.55"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.505.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1063.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.286.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.15"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.723.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.725.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.224"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.358.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.754.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.107"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.58"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1007"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1659.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.783.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1047"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1052"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.78"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.51"
      },
      {
        "_id": null,
        "model": "simatic ipc277e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1690.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.308"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.820.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1044.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.109"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.432.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.731.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.560.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.819.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.324.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1048"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.125"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1032.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.162"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.29"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.433.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.117"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.201"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.94"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.153"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.201"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1687.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.903.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.733.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.749.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.762.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.719.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.271.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.813.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.7"
      },
      {
        "_id": null,
        "model": "assurity linc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.237"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.211"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.622.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.673.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.1"
      },
      {
        "_id": null,
        "model": "accuri c6 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "simatic ipc477c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1063.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.187"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.383.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.790.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.465.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.319"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.33"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.658.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.932.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.34"
      },
      {
        "_id": null,
        "model": "pyxis infant care verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1064.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.0"
      },
      {
        "_id": null,
        "model": "pyxis supplystation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1651.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1003.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.391.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.6"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1664.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.18"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.167"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.81"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1031"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1007.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.326.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1680.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.39"
      },
      {
        "_id": null,
        "model": "sinema remote connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.213"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.32"
      },
      {
        "_id": null,
        "model": "simatic field pg m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.1.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1010"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.337"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.51"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "_id": null,
        "model": "pyxis medstation console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "40000"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1051"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.98"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.112"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.87"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "22.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.45"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.896.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.417.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.218"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.334"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.657.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "52.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1049"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.331"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1057"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1673.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.689.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.39"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.55"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1288.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "40"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.390.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1655.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.707.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.38"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1081.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1011.1"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "47"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1067.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.44"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1664.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.801.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "rowa smart",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1048.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.807.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.865.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.86"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1296.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.481.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.489.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.55"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.97"
      },
      {
        "_id": null,
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.10.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.47"
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.50"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3080.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.96"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.572.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.29"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.93"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.786.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "36.0.1985.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.20"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.59"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1039.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.836.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.23"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.14"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.1"
      },
      {
        "_id": null,
        "model": "lsrfortessa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "x-200"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.216"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.591.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454.101"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.107"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.278.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.413.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.580.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.146"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.513.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.29"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1042"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.158.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.761.1"
      },
      {
        "_id": null,
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.45"
      },
      {
        "_id": null,
        "model": "sinumerik pcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "50.5"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.130"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.765.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.100"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "26.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.53"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.553.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.494.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.745.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.484.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1061.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.829.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.482.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.32"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "_id": null,
        "model": "totalys multiprocessor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1309.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.76"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "56"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20170"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.677.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.890.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.770.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.364.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.349.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.96"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.63"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1297.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1026"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.53"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.33"
      },
      {
        "_id": null,
        "model": "simatic ipc627d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1068.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.762.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.1"
      },
      {
        "_id": null,
        "model": "simatic ipc427c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.723.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended upd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.884.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1038"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1068.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.621.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.310"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1006"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.811.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.499.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.709.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.882.0"
      },
      {
        "_id": null,
        "model": "alaris systems manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1002.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.384.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.157.2"
      },
      {
        "_id": null,
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.721.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.76"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.503.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.563.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.750.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.24"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.193.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.771.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.43"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "44.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.8"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian extended update supp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.906.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.169.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.114"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.202"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.363.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.60"
      },
      {
        "_id": null,
        "model": "simatic ipc547e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1306.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.601.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.52"
      },
      {
        "_id": null,
        "model": "panel designer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.812.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.944.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.635.0"
      },
      {
        "_id": null,
        "model": "simatic s7-1518f-4 pn/dp odk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.96"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1660.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1047.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.44"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.473.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.441.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1040"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1037.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.115"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.104"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.53"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.426.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.752.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.43"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.33"
      },
      {
        "_id": null,
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.834.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.327.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1654.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.49"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.401.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.112"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.493.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.216"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.103"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.144"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.327"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.186"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.956.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1662.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.49"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "_id": null,
        "model": "sinumerik tcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "30.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.217"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.6.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491036"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "45.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.522.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu720.3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.622.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.159"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1062.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.152.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.556.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.161"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.772.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.125"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1059.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.398.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.140"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.321"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.870.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1006.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.91"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1653.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28.0"
      },
      {
        "_id": null,
        "model": "pyxis anesthesia es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.204"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.58"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian extended update supp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.551.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1083.0"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.89"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.301"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.335"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.695.0"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.39"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1021"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1688.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.325"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.24"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.732.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1290.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.26"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.712.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2566.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1286.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.558.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.2"
      },
      {
        "_id": null,
        "model": "simatic ipc827c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.822.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.120"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.665.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.629.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49"
      },
      {
        "_id": null,
        "model": "sql server r2 for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200830"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.339"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.15"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.763.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.947.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1276.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.168"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.878.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.4"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.542.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1663.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.48"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.837.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1014"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.70"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "simatic ipc847d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.324"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.929.0"
      },
      {
        "_id": null,
        "model": "simatic ipc547g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.510.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.1549"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.410.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.787.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.323"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.292.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.405.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.212.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.684.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.796.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.153.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1076.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1307.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.757.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "_id": null,
        "model": "facscelesta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.20"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.55"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.832.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1066.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.316"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.514.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.221.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.403.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "_id": null,
        "model": "simatic field pg m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "33.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.304.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1018.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1278.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.229"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.572.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.146"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.139"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.60"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1282.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.303.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.100"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3"
      },
      {
        "_id": null,
        "model": "pyxis scrubstation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.26"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.20"
      },
      {
        "_id": null,
        "model": "pyxis anesthesia system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "35000"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.436.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1030.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.44"
      },
      {
        "_id": null,
        "model": "xeon cpu e5-1650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "v30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.340"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1689.2"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.679.0"
      },
      {
        "_id": null,
        "model": "veritor plus system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.57"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.300"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.893.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.644.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.570.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.17"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.313.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.351.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.887.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "30.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1288.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.36"
      },
      {
        "_id": null,
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1498.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.793.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1301.0"
      },
      {
        "_id": null,
        "model": "facsvia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.205"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "_id": null,
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1043.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1000.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "46.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.19"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.317"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.204"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.909.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.886.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.14"
      },
      {
        "_id": null,
        "model": "simatic ipc477e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.318"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.936.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.488.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.526.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.808.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.287.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.584.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1042.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.907.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.120"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "25.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.29"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1685.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.823.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.791.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.577.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1061.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.91"
      },
      {
        "_id": null,
        "model": "simatic ipc347e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.676.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.210"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.525.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.490.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.681.0"
      },
      {
        "_id": null,
        "model": "viper lt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pyxis procedurestation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.495.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.500.0"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.309"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.97"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.214"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1050"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.11"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4419.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.416.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.950.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.8"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200840"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.613.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.32"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.182.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1276.0"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.163"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.304"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.162"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.305"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.862.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.464.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.682.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.940.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1683.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.151"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.376.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1025"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.921.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.10"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.54"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.538.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.519.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1041.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.69"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.561.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1306.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1311.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.586.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.766.0"
      },
      {
        "_id": null,
        "model": "simatic ipc677c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.28"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.34"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.740.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.45"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.399.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.830.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.687.1"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.925.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.499.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.864.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.43"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1076.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.72"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.208"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1682.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.959.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.27"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.624.0"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.156"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.639.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.26"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1293.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1654.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.698.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1079.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.338"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.598.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1287.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.30"
      },
      {
        "_id": null,
        "model": "simatic ipc377e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.894.0"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.3"
      },
      {
        "_id": null,
        "model": "virtualization host",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1061"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.906.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.737.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.237"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.445.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.214"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.514.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1444.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1672.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.53"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.275.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "13.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.52"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.10"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "53.0.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.320"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.311"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.693.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.736.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1069.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1019.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.606.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.438.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.62"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.11"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.14.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.209"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.113"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201610"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1299.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.226"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.869.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.738.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.7"
      },
      {
        "_id": null,
        "model": "fx -8320 eight-core processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.102"
      },
      {
        "_id": null,
        "model": "macos supplemental",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.231"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.54"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.578.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.958.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.380.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.809.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1681.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.361.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1018"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.701.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.54"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.780.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.605.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1051.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.51"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.49"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.663.0"
      },
      {
        "_id": null,
        "model": "pyxis ciisafe -workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.537.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1275.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1046.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1062"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.934.0"
      },
      {
        "_id": null,
        "model": "simatic hmi basic panels 2nd generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.490.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1020"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.469.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1080.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.67"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.951.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.130"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.414.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.52"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.332"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.108"
      },
      {
        "_id": null,
        "model": "simatic field pg m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.688.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1050.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.479.0"
      },
      {
        "_id": null,
        "model": "pyxis parx handheld",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.960.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.838.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.394.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.41"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.718.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.503.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.890.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.528.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.25"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1676.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491064"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1023.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.325.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.724.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.431.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.498.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.51"
      },
      {
        "_id": null,
        "model": "facscalibur",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.3"
      },
      {
        "_id": null,
        "model": "facscanto 10-color clinical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.406.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.938.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.515.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1294.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.36"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "viper xtr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.55"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.445.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.409.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.4"
      },
      {
        "_id": null,
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.315.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.119"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "_id": null,
        "model": "facsaria i/ii/iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.741.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.27"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.170.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.588.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.59"
      },
      {
        "_id": null,
        "model": "windows server for x64-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "41.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1045.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.799.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1073.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.792.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.1.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1667.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.322"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.33"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1279.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.169.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.272.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.97"
      },
      {
        "_id": null,
        "model": "pyxis medstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "35000"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.411.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.367.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1016"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1045"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.634.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.454.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.79"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.53"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1029.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.337.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.54"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1032"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1302.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.0"
      },
      {
        "_id": null,
        "model": "lsrfortessa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.945.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1666.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.895.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.355.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.308.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.0.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1272.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.234"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.0"
      },
      {
        "_id": null,
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.650.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.338.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.451.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.114"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.59"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1301.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.868.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1304.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "_id": null,
        "model": "pyxis cubie replenishment station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.427.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1024"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.276.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.933.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.0"
      },
      {
        "_id": null,
        "model": "cortex a57",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arm",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.574.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.936.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "39.0.2171.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.320.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.72"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.946.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.888.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.5"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1307.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.224.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1678.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.33"
      },
      {
        "_id": null,
        "model": "ruggedcom ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.704.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.60"
      },
      {
        "_id": null,
        "model": "bactec fx40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1035"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.288.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1291.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.59"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.57"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.632.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.158"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.154"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.328"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "simatic et 200sp open controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.899.0"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1029"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.571.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.79"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1677.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.19"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.734.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1310.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "_id": null,
        "model": "pyxis transfusion verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.512"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.35"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.485.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.678.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.16"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.372.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.949.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "23.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.638.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.392.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.212"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1063"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.710.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.206"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.289.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.620.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1685.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.568.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.735.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.487.0"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.129"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.590.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.113"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.23"
      },
      {
        "_id": null,
        "model": "carrier routing system 6.6.0.base",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.332.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.953.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.666.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1071.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1013.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.73"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.113"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.275.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.340.0"
      },
      {
        "_id": null,
        "model": "facsaria fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.373.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.87"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.0"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.353.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.43"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.470.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.461.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "22.04917"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.446.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.1"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.357.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.459.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.541.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.221"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.333.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.779.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.307"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.127"
      },
      {
        "_id": null,
        "model": "chrome beta mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1027"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.396.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.428.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1035.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "23.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.767.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.891.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.460.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.14"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1001.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.87"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "34.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1053"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.455.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1014.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "21.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.220"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.210"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.449.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.142"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.497.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.576.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1015.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.795.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.213"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.2"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.12"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.148"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1682.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.99"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.751.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.636.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.313"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.64"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.456.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.12"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.47"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.831.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.38"
      },
      {
        "_id": null,
        "model": "innova",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.550.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.583.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.595.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1009"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.108"
      },
      {
        "_id": null,
        "model": "proliant dl385 gen10 server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.02"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.154.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.866.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.34"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1673.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.128"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.653.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1656.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.713.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.643.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.228"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.144"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "_id": null,
        "model": "bactec",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "9120/92400"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.504.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.767.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1292.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1058.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.129"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.218"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.68"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.359.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.205"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.78"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.565.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.567.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.2"
      },
      {
        "_id": null,
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.37586"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.238"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.656.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1011"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1033.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.788.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.691.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2017-5753",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-5753",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2018-00304",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-113956",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.1,
            "id": "CVE-2017-5753",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-5753",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-00304",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113956",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:\n\nRHEL 7-based RHEV-H ELS - noarch\nRHEV Hypervisor for RHEL-6 ELS - noarch\n\n3. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03805en_us\nVersion: 5\n\nHPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel,\nAMD, and ARM, with Speculative Execution, Elevation of Privilege and\nInformation Disclosure. \n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-01-18\nLast Updated: 2018-01-17\n\nPotential Security Impact: Local: Disclosure of Information, Elevation of\nPrivilege\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nOn January 3 2018, side-channel security vulnerabilities involving\nspeculative execution were publicly disclosed. These vulnerabilities may\nimpact the listed HPE products, potentially leading to information disclosure\nand elevation of privilege. Mitigation and resolution of these\nvulnerabilities may call for both an operating system update, provided by the\nOS vendor, and a system ROM update from HPE. \n\n\n**Note:**\n\n  * This issue takes advantage of techniques commonly used in many modern\nprocessor architectures.  \n  * For further information, microprocessor vendors have provided security\nadvisories:\n  \n    - Intel:\n\u003chttps://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu\ngeid=en-fr\u003e\n    - AMD: \u003chttp://www.amd.com/en/corporate/speculative-execution\u003e\n    - ARM: \u003chttps://developer.arm.com/support/security-update\u003e\n\nReferences:\n\n  - PSRT110635\n  - PSRT110634\n  - PSRT110633\n  - PSRT110632\n  - CVE-2017-5715 - aka Spectre, branch target injection\n  - CVE-2017-5753 - aka Spectre,  bounds check bypass\n  - CVE-2017-5754 - aka  Meltdown,  rogue data cache load, memory access\npermission check performed after kernel memory read\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HPE ProLiant DL380 Gen10 Server prior to v1.28\n  - HPE ProLiant DL180 Gen10 Server prior to v1.28\n  - HPE ProLiant DL160 Gen10 Server prior to v1.28\n  - HPE ProLiant DL360 Gen10 Server prior to v1.28\n  - HPE ProLiant ML110 Gen10 Server prior to v1.28\n  - HPE ProLiant DL580 Gen10 Server prior to v1.28\n  - HPE ProLiant DL560 Gen10 Server prior to v1.28\n  - HPE ProLiant DL120 Gen10 Server prior to v1.28\n  - HPE ProLiant ML350 Gen10 Server prior to v1.28\n  - HPE ProLiant XL450 Gen10 Server prior to v1.28\n  - HPE Synergy 660 Gen10 Compute Module prior to v1.28\n  - HPE ProLiant XL170r Gen10 Server prior to v1.28\n  - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28\n  - HPE ProLiant XL190r Gen10 Server prior to v1.28\n  - HPE ProLiant XL230k Gen10 Server prior to v1.28\n  - HPE ProLiant DL385 Gen10 Server prior to v1.04\n  - HPE Synergy 480 Gen10 Compute Module prior to v1.28\n  - HPE ProLiant ML350 Gen10 Server prior to v1.28\n  - HPE ProLiant XL730f Gen9 Server To be delivered\n  - HPE ProLiant XL230a Gen9 Server To be delivered\n  - HPE ProLiant XL740f Gen9 Server To be delivered\n  - HPE ProLiant XL750f Gen9 Server To be delivered\n  - HPE ProLiant XL170r Gen9 Server To be delivered\n  - HP ProLiant DL60 Gen9 Server To be delivered\n  - HPE ProLiant XL450 Gen9 Server To be delivered\n  - HP ProLiant DL160 Gen9 Server To be delivered\n  - HPE Apollo 4200 Gen9 Server To be delivered\n  - HP ProLiant BL460c Gen9 Server Blade To be delivered\n  - HP ProLiant ML110 Gen9 Server To be delivered\n  - HP ProLiant ML150 Gen9 Server To be delivered\n  - HPE ProLiant ML350 Gen9 Server To be delivered\n  - HP ProLiant DL380 Gen9 Server To be delivered\n  - HP ProLiant DL120 Gen9 Server To be delivered\n  - HPE ProLiant DL560 Gen9 Server To be delivered\n  - HP ProLiant BL660c Gen9 Server To be delivered\n  - HPE ProLiant DL20 Gen9 Server To be delivered\n  - HPE Synergy 660 Gen9 Compute Module To be delivered\n  - HPE Synergy 480 Gen9 Compute Module To be delivered\n  - HPE ProLiant ML30 Gen9 Server To be delivered\n  - HPE ProLiant XL250a Gen9 Server To be delivered\n  - HPE ProLiant XL190r Gen9 Server To be delivered\n  - HP ProLiant DL80 Gen9 Server To be delivered\n  - HPE ProLiant DL180 Gen9 Server To be delivered\n  - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To\nbe delivered\n  - HPE ProLiant WS460c Gen9 Workstation To be delivered\n  - HPE ProLiant XL260a Gen9 Server To be delivered\n  - HPE Synergy 620 Gen9 Compute Module To be delivered\n  - HPE ProLiant DL580 Gen9 Server To be delivered\n  - HPE Synergy 680 Gen9 Compute Module To be delivered\n  - HPE ProLiant m510 Server Cartridge prior to v1.62\n  - HPE ProLiant m710p Server Cartridge prior to v12/12/2017\n  - HPE ProLiant m710x Server Cartridge prior to v1.60\n  - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60)\n  - HPE Synergy Composer prior to 12/12/2017\n  - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6\n  - HP ProLiant DL360 Gen9 Server prior to 2.3.110\n  - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017\n  - HPE ProLiant ML10 v2 Server prior to 12/12/2017\n  - HPE ProLiant m350 Server Cartridge prior to v1/15/2018\n  - HPE ProLiant m300 Server Cartridge prior to v1/15/2018\n  - HPE ProLiant MicroServer Gen8 prior to 12/12/2017\n  - HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2017-5715\n      8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N\n      6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)\n\n    CVE-2017-5753\n      5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\n      5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2017-5754\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n      7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following system ROM updates which include an updated\nmicrocode to resolve the vulnerability:\n\n  * HPE has provided a customer bulletin\n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us\u003e\nwith specific instructions to obtain the udpated sytem ROM\n  \n  - Note:\n   \n    + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a\nvendor supplied operating system update be applied as well. \n    + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only\nupdates of a vendor supplied operating system. \n    + HPE will continue to add additional products to the list. \n\nHISTORY\n\nVersion:1 (rev.1) - 4 January 2018 Initial release\n\nVersion:2 (rev.2) - 5 January 2018 Added additional impacted products\n\nVersion:3 (rev.3) - 10 January 2018 Added  more impacted products\n\nVersion:4 (rev.4) - 9 January 2018 Fixed product ID\n\nVersion:5 (rev.5) - 18 January 2018 Added additional impacted products\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1                   security@debian.org\nhttps://www.debian.org/security/                            Ben Hutchings\nMay 01, 2018                          https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : linux\nCVE ID         : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n                 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n                 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n                 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n                 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n                 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n                 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n                 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n                 CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2015-9016\n\n    Ming Lei reported a race condition in the multiqueue block layer\n    (blk-mq).  On a system with a driver using blk-mq (mtip32xx,\n    null_blk, or virtio_blk), a local user might be able to use this\n    for denial of service or possibly for privilege escalation. \n\nCVE-2017-0861\n\n    Robb Glasser reported a potential use-after-free in the ALSA (sound)\n    PCM core.  We believe this was not possible in practice. \n\nCVE-2017-5715\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 2 (branch\n    target injection) and is mitigated for the x86 architecture (amd64\n    and i386) by using the \"retpoline\" compiler feature which allows\n    indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 1\n    (bounds-check bypass) and is mitigated by identifying vulnerable\n    code sections (array bounds checking followed by array access) and\n    replacing the array access with the speculation-safe\n    array_index_nospec() function. \n\n    More use sites will be added over time. \n\nCVE-2017-13166\n\n    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n    code has been found. Memory protections ensuring user-provided\n    buffers always point to userland memory were disabled, allowing\n    destination addresses to be in kernel space. On a 64-bit kernel a\n    local user with access to a suitable video device can exploit this\n    to overwrite kernel memory, leading to privilege escalation. \n\nCVE-2017-13220\n\n    Al Viro reported that the Bluetooth HIDP implementation could\n    dereference a pointer before performing the necessary type check. \n    A local user could use this to cause a denial of service. \n\nCVE-2017-16526\n\n    Andrey Konovalov reported that the UWB subsystem may dereference\n    an invalid pointer in an error case.  A local user might be able\n    to use this for denial of service. \n\nCVE-2017-16911\n\n    Secunia Research reported that the USB/IP vhci_hcd driver exposed\n    kernel heap addresses to local users. \n\nCVE-2017-16912\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    perform a range check on a received packet header field, leading\n    to an out-of-bounds read.  A remote user able to connect to the\n    USB/IP server could use this for denial of service. \n\nCVE-2017-16913\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    perform a range check on a received packet header field, leading\n    to excessive memory allocation.  A remote user able to connect to\n    the USB/IP server could use this for denial of service. \n\nCVE-2017-16914\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    check for an invalid combination of fields in a received packet,\n    leading to a null pointer dereference.  A remote user able to\n    connect to the USB/IP server could use this for denial of service. \n\nCVE-2017-18017\n\n    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n    failed to validate TCP header lengths, potentially leading to a\n    use-after-free.  If this module is loaded, it could be used by a\n    remote attacker for denial of service or possibly for code\n    execution. \n\nCVE-2017-18203\n\n    Hou Tao reported that there was a race condition in creation and\n    deletion of device-mapper (DM) devices.  A local user could\n    potentially use this for denial of service. \n\nCVE-2017-18216\n\n    Alex Chen reported that the OCFS2 filesystem failed to hold a\n    necessary lock during nodemanager sysfs file operations,\n    potentially leading to a null pointer dereference.  A local user\n    could use this for denial of service. \n\nCVE-2017-18232\n\n    Jason Yan reported a race condition in the SAS (Serial-Attached\n    SCSI) subsystem, between probing and destroying a port.  This\n    could lead to a deadlock.  A physically present attacker could\n    use this to cause a denial of service. \n\nCVE-2017-18241\n\n    Yunlei He reported that the f2fs implementation does not properly\n    initialise its state if the \"noflush_merge\" mount option is used. \n    A local user with access to a filesystem mounted with this option\n    could use this to cause a denial of service. \n\nCVE-2018-1066\n\n    Dan Aloni reported to Red Hat that the CIFS client implementation\n    would dereference a null pointer if the server sent an invalid\n    response during NTLMSSP setup negotiation.  This could be used\n    by a malicious server for denial of service. \n\nCVE-2018-1068\n\n    The syzkaller tool found that the 32-bit compatibility layer of\n    ebtables did not sufficiently validate offset values. On a 64-bit\n    kernel, a local user with the CAP_NET_ADMIN capability (in any user\n    namespace) could use this to overwrite kernel memory, possibly\n    leading to privilege escalation. Debian disables unprivileged user\n    namespaces by default. \n\nCVE-2018-1092\n\n    Wen Xu reported that a crafted ext4 filesystem image would\n    trigger a null dereference when mounted.  A local user able\n    to mount arbitrary filesystems could use this for denial of\n    service. \n\nCVE-2018-5332\n\n    Mohamed Ghannam reported that the RDS protocol did not\n    sufficiently validate RDMA requests, leading to an out-of-bounds\n    write.  A local attacker on a system with the rds module loaded\n    could use this for denial of service or possibly for privilege\n    escalation. \n\nCVE-2018-5333\n\n    Mohamed Ghannam reported that the RDS protocol did not properly\n    handle an error case, leading to a null pointer dereference.  A\n    local attacker on a system with the rds module loaded could\n    possibly use this for denial of service. \n\nCVE-2018-5750\n\n    Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n    address. \n\nCVE-2018-5803\n\n    Alexey Kodanev reported that the SCTP protocol did not range-check\n    the length of chunks to be created.  A local or remote user could\n    use this to cause a denial of service. \n\nCVE-2018-6927\n\n    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n    not check for negative parameter values, which might lead to a\n    denial of service or other security impact. \n\nCVE-2018-7492\n\n    The syzkaller tool found that the RDS protocol was lacking a null\n    pointer check.  A local attacker on a system with the rds module\n    loaded could use this for denial of service. \n\nCVE-2018-7566\n\n    Fan LongFei reported a race condition in the ALSA (sound)\n    sequencer core, between write and ioctl operations.  This could\n    lead to an out-of-bounds access or use-after-free.  A local user\n    with access to a sequencer device could use this for denial of\n    service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n    Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n    did not properly range-check the file offset.  A local user with\n    access to files on a hugetlbfs filesystem could use this to cause\n    a denial of service. \n\nCVE-2018-7757\n\n    Jason Yan reported a memory leak in the SAS (Serial-Attached\n    SCSI) subsystem.  A local user on a system with SAS devices\n    could use this to cause a denial of service. \n\nCVE-2018-7995\n\n    Seunghun Han reported a race condition in the x86 MCE\n    (Machine Check Exception) driver.  This is unlikely to have\n    any security impact. \n\nCVE-2018-8781\n\n    Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n    operation did not properly range-check the file offset.  A local\n    user with access to a udl framebuffer device could exploit this to\n    overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n    Dr Silvio Cesare of InfoSect reported that the ncpfs client\n    implementation did not validate reply lengths from the server.  An\n    ncpfs server could use this to cause a denial of service or\n    remote code execution in the client. \n\nCVE-2018-1000004\n\n    Luo Quan reported a race condition in the ALSA (sound) sequencer\n    core, between multiple ioctl operations.  This could lead to a\n    deadlock or use-after-free.  A local user with access to a\n    sequencer device could use this for denial of service or possibly\n    for privilege escalation. \n\nCVE-2018-1000199\n\n    Andy Lutomirski discovered that the ptrace subsystem did not\n    sufficiently validate hardware breakpoint settings.  Local users\n    can use this to cause a denial of service, or possibly for\n    privilege escalation, on x86 (amd64 and i386) and possibly other\n    architectures. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY\nAXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E\nhDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH\naF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7\nOukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS\nH8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65\nUHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd\nHl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/\nkKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A\n5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s\nCxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8=\n=wNQS\n-----END PGP SIGNATURE-----\n. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-headers-2.6.32-696.18.7.el6.ppc64.rpm\nperf-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-headers-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm\nperf-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O\nOR+iGnoY+cALbsBWKwbmzQM=\n=V4ow\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nImage Updates for RHV-H - noarch\nManagement Agent for RHEL 7 Hosts - noarch\n\n3. The appliance is available\nto download as an OVA file from the Customer Portal. 6.5) - x86_64\n\n3. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n==========================================================================\nUbuntu Security Notice USN-3541-2\nJanuary 23, 2018\n\nlinux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. This update provides the corresponding updates for the\nLinux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu\n16.04 LTS. This flaw is known as Spectre. \n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n17.10 for Ubuntu 16.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  linux-image-4.13.0-1006-azure   4.13.0-1006.8\n  linux-image-4.13.0-1007-gcp     4.13.0-1007.10\n  linux-image-4.13.0-1017-oem     4.13.0-1017.18\n  linux-image-4.13.0-31-generic   4.13.0-31.34~16.04.1\n  linux-image-4.13.0-31-lowlatency  4.13.0-31.34~16.04.1\n  linux-image-azure               4.13.0.1006.7\n  linux-image-gcp                 4.13.0.1007.9\n  linux-image-generic-hwe-16.04   4.13.0.31.51\n  linux-image-gke                 4.13.0.1007.9\n  linux-image-lowlatency-hwe-16.04  4.13.0.31.51\n  linux-image-oem                 4.13.0.1017.21\n\nPlease note that fully mitigating CVE-2017-5715 (Spectre Variant 2)\nrequires corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. On i386 and amd64\narchitectures, the IBRS and IBPB features are required to enable the\nkernel mitigations. Ubuntu is working with Intel and AMD to provide\nfuture microcode updates that implement IBRS and IBPB as they are made\navailable. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      }
    ],
    "trust": 3.51
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-113956",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5753",
        "trust": 3.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#584653",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "102371",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040071",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-505225",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-608355",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145645",
        "trust": 1.1
      },
      {
        "db": "LENOVO",
        "id": "LEN-18282",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43427",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-003",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-002",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA18-141A",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "trust": 0.6
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-18-011-01E",
        "trust": 0.3
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-18-011-01C",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10842",
        "trust": 0.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-168644",
        "trust": 0.3
      },
      {
        "db": "JVN",
        "id": "JVNVU93823979",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "145837",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145774",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150863",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145715",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-150",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145717",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146501",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145964",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147451",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145641",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145658",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145666",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146019",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "id": "VAR-201801-1712",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      }
    ],
    "trust": 1.3252307744444445
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      }
    ]
  },
  "last_update_date": "2026-04-10T23:37:25.913000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.kb.cert.org/vuls/id/584653"
      },
      {
        "trust": 1.9,
        "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102371"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
      },
      {
        "trust": 1.6,
        "url": "https://support.apple.com//ht208394"
      },
      {
        "trust": 1.6,
        "url": "http://www.dell.com/support/speculative-store-bypass"
      },
      {
        "trust": 1.4,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.4,
        "url": "http://xenbits.xen.org/xsa/advisory-254.html"
      },
      {
        "trust": 1.4,
        "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
      },
      {
        "trust": 1.4,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002"
      },
      {
        "trust": 1.4,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
      },
      {
        "trust": 1.4,
        "url": "https://spectreattack.com/"
      },
      {
        "trust": 1.4,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/jun/36"
      },
      {
        "trust": 1.1,
        "url": "https://www.kb.cert.org/vuls/id/180049"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt"
      },
      {
        "trust": 1.1,
        "url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/"
      },
      {
        "trust": 1.1,
        "url": "https://cdrdv2.intel.com/v1/dl/getcontent/685359"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
      },
      {
        "trust": 1.1,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://support.citrix.com/article/ctx231399"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k91229003"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/us/en/solutions/len-18282"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
      },
      {
        "trust": 1.1,
        "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
      },
      {
        "trust": 1.1,
        "url": "https://www.synology.com/support/security/synology_sa_18_01"
      },
      {
        "trust": 1.1,
        "url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4187"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4188"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/43427/"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201810-06"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html"
      },
      {
        "trust": 1.1,
        "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0292"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040071"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3540-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3540-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3541-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3541-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3542-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3542-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3549-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3580-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-2/"
      },
      {
        "trust": 1.0,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 0.8,
        "url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
      },
      {
        "trust": 0.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
      },
      {
        "trust": 0.8,
        "url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/208.html"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
      },
      {
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-002"
      },
      {
        "trust": 0.8,
        "url": "https://support.hp.com/us-en/document/c06001626"
      },
      {
        "trust": 0.8,
        "url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
      },
      {
        "trust": 0.8,
        "url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "trust": 0.8,
        "url": "https://www.suse.com/support/kb/doc/?id=7022937"
      },
      {
        "trust": 0.8,
        "url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
      },
      {
        "trust": 0.8,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
      },
      {
        "trust": 0.8,
        "url": "https://kb.vmware.com/s/article/54951"
      },
      {
        "trust": 0.8,
        "url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2017-5753"
      },
      {
        "trust": 0.6,
        "url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-5754"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-5715"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/errata/rhsa-2018:0008"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/errata/rhsa-2018:0016"
      },
      {
        "trust": 0.4,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
      },
      {
        "trust": 0.3,
        "url": "http://www.amd.com/en-gb"
      },
      {
        "trust": 0.3,
        "url": "https://www.arm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/content/www/us/en/homepage.html"
      },
      {
        "trust": 0.3,
        "url": "https://newsroom.intel.com/news/intel-responds-to-security-research-findings/"
      },
      {
        "trust": 0.3,
        "url": "https://lwn.net/articles/738975/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10842\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht208394"
      },
      {
        "trust": 0.3,
        "url": "https://www.chromium.org/home/chromium-security/ssca"
      },
      {
        "trust": 0.3,
        "url": "https://www.amd.com/en/corporate/speculative-execution"
      },
      {
        "trust": 0.3,
        "url": "https://source.android.com/security/bulletin/2018-01-01"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/22"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/23"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519778"
      },
      {
        "trust": 0.3,
        "url": "http://xenbits.xenproject.org/xsa/advisory-289.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.google.com/faqs/answer/7622138"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01e"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/120"
      },
      {
        "trust": 0.3,
        "url": "https://jvn.jp/vu/jvnvu93823979/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-meltdown-and-spectre-update-1"
      },
      {
        "trust": 0.3,
        "url": "https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0007"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0010"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0011"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0017"
      },
      {
        "trust": 0.3,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa161"
      },
      {
        "trust": 0.3,
        "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2018-01/"
      },
      {
        "trust": 0.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.vmware.com/pipermail/security-announce/2018/000397.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html"
      },
      {
        "trust": 0.3,
        "url": "https://developer.arm.com/support/security-update"
      },
      {
        "trust": 0.3,
        "url": "http://xenbits.xenproject.org/xsa/advisory-289.txt"
      },
      {
        "trust": 0.2,
        "url": "https://www.ubuntu.com/usn/usn-3541-1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/3307851"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-31.34"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0046"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3580-1"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00039267en_us\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://developer.arm.com/support/security-update\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.amd.com/en/corporate/speculative-execution\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16911"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/linux"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7492"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16913"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16912"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1049.58"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9023.24"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-112.135"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3540-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0045"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0022"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3541-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146015",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145717",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146501",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145964",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "147451",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145641",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146014",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145721",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145658",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145666",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146019",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-05-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "date": "2018-01-03T00:00:00",
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "date": "2018-01-23T04:31:56",
        "db": "PACKETSTORM",
        "id": "146015",
        "ident": null
      },
      {
        "date": "2018-01-06T18:01:01",
        "db": "PACKETSTORM",
        "id": "145717",
        "ident": null
      },
      {
        "date": "2018-02-21T19:22:00",
        "db": "PACKETSTORM",
        "id": "146501",
        "ident": null
      },
      {
        "date": "2018-01-18T20:41:22",
        "db": "PACKETSTORM",
        "id": "145964",
        "ident": null
      },
      {
        "date": "2018-05-03T01:31:56",
        "db": "PACKETSTORM",
        "id": "147451",
        "ident": null
      },
      {
        "date": "2018-01-04T01:20:35",
        "db": "PACKETSTORM",
        "id": "145641",
        "ident": null
      },
      {
        "date": "2018-01-23T04:31:47",
        "db": "PACKETSTORM",
        "id": "146014",
        "ident": null
      },
      {
        "date": "2018-01-06T18:01:22",
        "db": "PACKETSTORM",
        "id": "145721",
        "ident": null
      },
      {
        "date": "2018-01-04T17:52:00",
        "db": "PACKETSTORM",
        "id": "145658",
        "ident": null
      },
      {
        "date": "2018-01-04T17:53:07",
        "db": "PACKETSTORM",
        "id": "145666",
        "ident": null
      },
      {
        "date": "2018-01-23T04:32:21",
        "db": "PACKETSTORM",
        "id": "146019",
        "ident": null
      },
      {
        "date": "2018-01-04T13:29:00.257000",
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "date": "2021-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "date": "2019-04-17T06:00:00",
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "date": "2025-01-14T19:29:55.853000",
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "102371"
      }
    ],
    "trust": 0.3
  }
}

VAR-202203-0145

Vulnerability from variot - Updated: 2026-04-10 23:37

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.

For the oldstable distribution (buster), these problems have been fixed in version 2.36.0-3~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-3~deb11u1.

We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows

iTunes 12.12.3 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213188. CVE-2022-22611: Xingyu Jin of Google

ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google

WebKit Available for: Windows 10 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

iTunes 12.12.3 for Windows may be obtained from: https://www.apple.com/itunes/download/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Description:

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

Security fixes:

CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Bugs addressed:

subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
[Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
[IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
Submariner OVN support (ACM-1358)
Submariner Azure Console support (ACM-1388)
ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
Submariner on disconnected ACM #22000 (ACM-1678)
Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
Subctl 0.14.0 prints version "vsubctl" (ACM-2132)
managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145)
Add support of ARO to Submariner deployment (ACM-2150)
The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204)
Gateway error shown "diagnose all" tests (ACM-2206)
Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211)
Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
Cannot use submariner with OSP and self signed certs (ACM-2274)
Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
Subctl 0.14.1 prints version "devel" (ACM-2482)
Bugs fixed (https://bugzilla.redhat.com/):

2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig 2097381 - [Submariner] - Fails to increase gateway amount after deployment 2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command 2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL 2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console 2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

JIRA issues fixed (https://issues.jboss.org/):

ACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner) ACM-2055 - Submariner gateway: Error creating AWS security group if already exists ACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner ACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention ACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check ACM-2132 - Subctl 0.14.0 prints version "vsubctl" ACM-2145 - managedclusters "local-cluster" not found and missing Submariner Broker CRD ACM-2150 - Add support of ARO to Submariner deployment ACM-2204 - [Submariner] - e2e tests execution fails for "Basic TCP connectivity" tests ACM-2206 - [Submariner] - Gateway error shown "diagnose all" tests ACM-2211 - [Submariner] - Submariner does not support cluster "kube-proxy ipvs mode" ACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings ACM-2274 - Cannot use submariner with OSP and self signed certs ACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention ACM-2482 - Subctl 0.14.1 prints version "devel"

Description:

Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

This advisory covers container images for the release.

Security Fix(es):

goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
kiali: error message spoofing in kiali UI (CVE-2022-3962)
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message 2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

JIRA issues fixed (https://issues.jboss.org/):

OSSM-1977 - Support for Istio Gateway API in Kiali OSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5 OSSM-2147 - Unexpected validation message on Gateway object OSSM-2169 - Member controller doesn't retry on conflict OSSM-2170 - Member namespaces aren't cleaned up when a cluster-scoped SMMR is deleted OSSM-2179 - Wasm plugins only support OCI images with 1 layer OSSM-2184 - Istiod isn't allowed to delete analysis distribution report configmap OSSM-2188 - Member namespaces not cleaned up when SMCP is deleted OSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all OSSM-2190 - The memberroll controller reconciles SMMRs with invalid name OSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name OSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form OSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3] OSSM-2308 - add root CA certificates to kiali container OSSM-2315 - be able to customize openshift auth timeouts OSSM-2324 - Gateway injection does not work when pods are created by cluster admins OSSM-2335 - Potential hang using Traces scatterplot chart OSSM-2338 - Federation deployment does not need router mode sni-dnat OSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests OSSM-2375 - Istiod should log member namespaces on every update OSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod OSSM-535 - Support validationMessages in SMCP OSSM-827 - ServiceMeshMembers point to wrong SMCP name

Description:

Service Binding manages the data plane for applications and backing services. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2022:7704-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7704 Issue date: 2022-11-08 CVE Names: CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 ==================================================================== 1. Summary:

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: webkit2gtk3-2.36.7-1.el8.src.rpm

aarch64: webkit2gtk3-2.36.7-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el8.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.aarch64.rpm

ppc64le: webkit2gtk3-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm

s390x: webkit2gtk3-2.36.7-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el8.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el8.s390x.rpm webkit2gtk3-devel-2.36.7-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.s390x.rpm

x86_64: webkit2gtk3-2.36.7-1.el8.i686.rpm webkit2gtk3-2.36.7-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el8.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el8.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el8.i686.rpm webkit2gtk3-devel-2.36.7-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el8.i686.rpm webkit2gtk3-jsc-2.36.7-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: glib2-2.56.4-159.el8.src.rpm

aarch64: glib2-2.56.4-159.el8.aarch64.rpm glib2-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-debugsource-2.56.4-159.el8.aarch64.rpm glib2-devel-2.56.4-159.el8.aarch64.rpm glib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-fam-2.56.4-159.el8.aarch64.rpm glib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-tests-2.56.4-159.el8.aarch64.rpm glib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm

ppc64le: glib2-2.56.4-159.el8.ppc64le.rpm glib2-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-debugsource-2.56.4-159.el8.ppc64le.rpm glib2-devel-2.56.4-159.el8.ppc64le.rpm glib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-fam-2.56.4-159.el8.ppc64le.rpm glib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-tests-2.56.4-159.el8.ppc64le.rpm glib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm

s390x: glib2-2.56.4-159.el8.s390x.rpm glib2-debuginfo-2.56.4-159.el8.s390x.rpm glib2-debugsource-2.56.4-159.el8.s390x.rpm glib2-devel-2.56.4-159.el8.s390x.rpm glib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm glib2-fam-2.56.4-159.el8.s390x.rpm glib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm glib2-tests-2.56.4-159.el8.s390x.rpm glib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm

x86_64: glib2-2.56.4-159.el8.i686.rpm glib2-2.56.4-159.el8.x86_64.rpm glib2-debuginfo-2.56.4-159.el8.i686.rpm glib2-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-debugsource-2.56.4-159.el8.i686.rpm glib2-debugsource-2.56.4-159.el8.x86_64.rpm glib2-devel-2.56.4-159.el8.i686.rpm glib2-devel-2.56.4-159.el8.x86_64.rpm glib2-devel-debuginfo-2.56.4-159.el8.i686.rpm glib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-fam-2.56.4-159.el8.x86_64.rpm glib2-fam-debuginfo-2.56.4-159.el8.i686.rpm glib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-tests-2.56.4-159.el8.x86_64.rpm glib2-tests-debuginfo-2.56.4-159.el8.i686.rpm glib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64: glib2-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-debugsource-2.56.4-159.el8.aarch64.rpm glib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm glib2-static-2.56.4-159.el8.aarch64.rpm glib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm

noarch: glib2-doc-2.56.4-159.el8.noarch.rpm

ppc64le: glib2-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-debugsource-2.56.4-159.el8.ppc64le.rpm glib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm glib2-static-2.56.4-159.el8.ppc64le.rpm glib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm

s390x: glib2-debuginfo-2.56.4-159.el8.s390x.rpm glib2-debugsource-2.56.4-159.el8.s390x.rpm glib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm glib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm glib2-static-2.56.4-159.el8.s390x.rpm glib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm

x86_64: glib2-debuginfo-2.56.4-159.el8.i686.rpm glib2-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-debugsource-2.56.4-159.el8.i686.rpm glib2-debugsource-2.56.4-159.el8.x86_64.rpm glib2-devel-debuginfo-2.56.4-159.el8.i686.rpm glib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-fam-debuginfo-2.56.4-159.el8.i686.rpm glib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm glib2-static-2.56.4-159.el8.i686.rpm glib2-static-2.56.4-159.el8.x86_64.rpm glib2-tests-debuginfo-2.56.4-159.el8.i686.rpm glib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBY2pSR9zjgjWX9erEAQiQFQ//YREiZYxfs4xndA0wPNv+fq6qubz4ht3h FycNYUUhtiB+KqnpXfelECae9VC+jtDaBqrmopN4kGYPERbIBNOaxDM/AjiwQoRy WAMPMG0Nf7bES6RH793l9a36dPezHS7FQymSw1UsWgiFLEzalcP41UhJmz2ehhnF 89oC3QQ831rCFn637hiTMFkaOMhQsR+P7iCnpDXEA9f3jadtWkMk+ALkddEGR+zr bbCVMi3vd4q1w854SOU0mZjdBXd3JKcBFq5Iux1gY6XVDCilgU6QgZaltJJQx2u6 J3qGFykmSwgoCfvz2QUBMH5x3gYJHknfa1CrqgOtOC5gpO9ChEyRg7T5aC/mpY4P kfFh0VJEOZS29b34KOlKvXCRbgDjvuBy8EHvqJCs29a9ISOWOpZ8qsLDjTMBk+MR AU+J3Ym3ZiRaQhpFDDSakcuub0DAHESbokIsTHlsOt8J80GspJod3GRl2BUfY4FH uVH6t7IIL0k6zL/1si7cEnT1uMxp7rPh70KPSG0hm2CHrJ6MOLt9D6/eAuj7xAEL vkxev1kJ28kXoovVYmylhcjxX4w6v1M9QGE7IBMFEnFDi6btyWNDjD1vLGvmbuIT iJ120wnUt3kGH0vMLO2+Rfwj7jYVyR08tTY8JDtrxbhrUThjhJ9GCTLg3s+MaYVk J8NwK2xt2AQ=vhlq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

JIRA issues fixed (https://issues.jboss.org/):

LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.12.3"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.5"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-22629",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22629",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22629",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22629",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-22629",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-22629",
            "trust": 0.7,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.36.0-3~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.0-3~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows\n\niTunes 12.12.3 for Windows addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213188. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: Windows 10 and later\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nWebKit\nAvailable for: Windows 10 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\niTunes 12.12.3 for Windows may be obtained from:\nhttps://www.apple.com/itunes/download/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending\nGOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward\nunparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing\nregexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory\ngrowth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ#\n2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ#\n2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup\ncommand (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API\nURL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying\nManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n(BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n(BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller\nLoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists\n(ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling\nsubmariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming\nconvention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check\n(ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker\nCRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests\n(ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings\n(ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing\nconvention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig\n2097381 - [Submariner] - Fails to increase gateway amount after deployment\n2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command\n2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL\n2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner)\nACM-2055 - Submariner gateway: Error creating AWS security group if already exists\nACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner\nACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention\nACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check\nACM-2132 - Subctl 0.14.0 prints version \"vsubctl\"\nACM-2145 - managedclusters \"local-cluster\" not found and missing Submariner Broker CRD\nACM-2150 - Add support of ARO to Submariner deployment\nACM-2204 - [Submariner] - e2e tests execution fails for \"Basic TCP connectivity\" tests\nACM-2206 - [Submariner] - Gateway error shown \"diagnose all\" tests\nACM-2211 - [Submariner] - Submariner does not support cluster \"kube-proxy ipvs mode\"\nACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings\nACM-2274 - Cannot use submariner with OSP and self signed certs\nACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention\nACM-2482 - Subctl 0.14.1 prints version \"devel\"\n\n6. Description:\n\nRed Hat OpenShift Service Mesh is the Red Hat distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers container images for the release. \n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable\nquery parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY\n(CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message\n(CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps\n(CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the\nencoded message is too short, potentially allowing a denial of service\n(CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, see the CVE page(s)\nlisted in the Container CVEs section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message\n2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1977 - Support for Istio Gateway API in Kiali\nOSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5\nOSSM-2147 - Unexpected validation message on Gateway object\nOSSM-2169 - Member controller doesn\u0027t retry on conflict\nOSSM-2170 - Member namespaces aren\u0027t cleaned up when a cluster-scoped SMMR is deleted\nOSSM-2179 - Wasm plugins only support OCI images with 1 layer\nOSSM-2184 - Istiod isn\u0027t allowed to delete analysis distribution report configmap\nOSSM-2188 - Member namespaces not cleaned up when SMCP is deleted\nOSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all\nOSSM-2190 - The memberroll controller reconciles SMMRs with invalid name\nOSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name\nOSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form\nOSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3]\nOSSM-2308 - add root CA certificates to kiali container\nOSSM-2315 - be able to customize openshift auth timeouts\nOSSM-2324 - Gateway injection does not work when pods are created by cluster admins\nOSSM-2335 - Potential hang using Traces scatterplot chart\nOSSM-2338 - Federation deployment does not need router mode sni-dnat\nOSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests\nOSSM-2375 - Istiod should log member namespaces on every update\nOSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod\nOSSM-535 - Support validationMessages in SMCP\nOSSM-827 - ServiceMeshMembers point to wrong SMCP name\n\n6. Description:\n\nService Binding manages the data plane for applications and backing\nservices. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nAPPSVC-1204 - Provisioned Service discovery\nAPPSVC-1256 - CVE-2022-41717\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: webkit2gtk3 security and bug fix update\nAdvisory ID:       RHSA-2022:7704-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7704\nIssue date:        2022-11-08\nCVE Names:         CVE-2022-22624 CVE-2022-22628 CVE-2022-22629\n                   CVE-2022-22662 CVE-2022-26700 CVE-2022-26709\n                   CVE-2022-26710 CVE-2022-26716 CVE-2022-26717\n                   CVE-2022-26719 CVE-2022-30293\n====================================================================\n1. Summary:\n\nAn update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nGLib provides the core application building blocks for libraries and\napplications written in C. It provides the core object system used in\nGNOME, the main loop implementation, and a large set of utility functions\nfor strings and common data structures. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.36.7-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nglib2-2.56.4-159.el8.src.rpm\n\naarch64:\nglib2-2.56.4-159.el8.aarch64.rpm\nglib2-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-debugsource-2.56.4-159.el8.aarch64.rpm\nglib2-devel-2.56.4-159.el8.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-fam-2.56.4-159.el8.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-tests-2.56.4-159.el8.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm\n\nppc64le:\nglib2-2.56.4-159.el8.ppc64le.rpm\nglib2-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-debugsource-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm\n\ns390x:\nglib2-2.56.4-159.el8.s390x.rpm\nglib2-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-debugsource-2.56.4-159.el8.s390x.rpm\nglib2-devel-2.56.4-159.el8.s390x.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-fam-2.56.4-159.el8.s390x.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-tests-2.56.4-159.el8.s390x.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm\n\nx86_64:\nglib2-2.56.4-159.el8.i686.rpm\nglib2-2.56.4-159.el8.x86_64.rpm\nglib2-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-debugsource-2.56.4-159.el8.i686.rpm\nglib2-debugsource-2.56.4-159.el8.x86_64.rpm\nglib2-devel-2.56.4-159.el8.i686.rpm\nglib2-devel-2.56.4-159.el8.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-fam-2.56.4-159.el8.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-tests-2.56.4-159.el8.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nglib2-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-debugsource-2.56.4-159.el8.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-static-2.56.4-159.el8.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm\n\nnoarch:\nglib2-doc-2.56.4-159.el8.noarch.rpm\n\nppc64le:\nglib2-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-debugsource-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-static-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm\n\ns390x:\nglib2-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-debugsource-2.56.4-159.el8.s390x.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-static-2.56.4-159.el8.s390x.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm\n\nx86_64:\nglib2-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-debugsource-2.56.4-159.el8.i686.rpm\nglib2-debugsource-2.56.4-159.el8.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-static-2.56.4-159.el8.i686.rpm\nglib2-static-2.56.4-159.el8.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSR9zjgjWX9erEAQiQFQ//YREiZYxfs4xndA0wPNv+fq6qubz4ht3h\nFycNYUUhtiB+KqnpXfelECae9VC+jtDaBqrmopN4kGYPERbIBNOaxDM/AjiwQoRy\nWAMPMG0Nf7bES6RH793l9a36dPezHS7FQymSw1UsWgiFLEzalcP41UhJmz2ehhnF\n89oC3QQ831rCFn637hiTMFkaOMhQsR+P7iCnpDXEA9f3jadtWkMk+ALkddEGR+zr\nbbCVMi3vd4q1w854SOU0mZjdBXd3JKcBFq5Iux1gY6XVDCilgU6QgZaltJJQx2u6\nJ3qGFykmSwgoCfvz2QUBMH5x3gYJHknfa1CrqgOtOC5gpO9ChEyRg7T5aC/mpY4P\nkfFh0VJEOZS29b34KOlKvXCRbgDjvuBy8EHvqJCs29a9ISOWOpZ8qsLDjTMBk+MR\nAU+J3Ym3ZiRaQhpFDDSakcuub0DAHESbokIsTHlsOt8J80GspJod3GRl2BUfY4FH\nuVH6t7IIL0k6zL/1si7cEnT1uMxp7rPh70KPSG0hm2CHrJ6MOLt9D6/eAuj7xAEL\nvkxev1kJ28kXoovVYmylhcjxX4w6v1M9QGE7IBMFEnFDi6btyWNDjD1vLGvmbuIT\niJ120wnUt3kGH0vMLO2+Rfwj7jYVyR08tTY8JDtrxbhrUThjhJ9GCTLg3s+MaYVk\nJ8NwK2xt2AQ=vhlq\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629"
      },
      {
        "db": "PACKETSTORM",
        "id": "169243"
      },
      {
        "db": "PACKETSTORM",
        "id": "166314"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "170898"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22629",
        "trust": 2.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-517",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15747",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166314",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170956",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169760",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170898",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170210",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169920",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169889",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411257",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169243",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170806",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171127",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170162",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629"
      },
      {
        "db": "PACKETSTORM",
        "id": "169243"
      },
      {
        "db": "PACKETSTORM",
        "id": "166314"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "170898"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "id": "VAR-202203-0145",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411257"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:37:20.905000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/HT213187"
      },
      {
        "title": "Debian Security Advisories: DSA-5115-1 webkit2gtk -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=402293ed3f2cdd93315804311726c6ba"
      },
      {
        "title": "Debian Security Advisories: DSA-5116-1 wpewebkit -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ed0e5704d3f401ded3b048d93f219bb2"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-22629"
      },
      {
        "title": "Apple: iOS 15.4 and iPadOS 15.4",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=14b60b166a667fc4faf52d81847a180a"
      },
      {
        "title": "Apple: macOS Monterey 12.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht213187"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213182"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213183"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213186"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213188"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213193"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-42011"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2879"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-42012"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-43680"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-42010"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/2022/dsa-5115"
      },
      {
        "trust": 0.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-517/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/webkit2gtk"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213188."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3775"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3821"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41974"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/getting-started/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39278"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21713"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8781"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2078"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42003"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26373"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1355"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1048"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23960"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42004"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41724"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41725"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629"
      },
      {
        "db": "PACKETSTORM",
        "id": "169243"
      },
      {
        "db": "PACKETSTORM",
        "id": "166314"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "170898"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-411257",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22629",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169243",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166314",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170956",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170898",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170806",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171127",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169760",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170162",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22629",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-03-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-517",
        "ident": null
      },
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411257",
        "ident": null
      },
      {
        "date": "2022-04-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169243",
        "ident": null
      },
      {
        "date": "2022-03-15T15:46:09",
        "db": "PACKETSTORM",
        "id": "166314",
        "ident": null
      },
      {
        "date": "2023-02-10T15:49:15",
        "db": "PACKETSTORM",
        "id": "170956",
        "ident": null
      },
      {
        "date": "2023-02-08T16:00:47",
        "db": "PACKETSTORM",
        "id": "170898",
        "ident": null
      },
      {
        "date": "2023-01-31T17:11:04",
        "db": "PACKETSTORM",
        "id": "170806",
        "ident": null
      },
      {
        "date": "2023-02-27T14:51:11",
        "db": "PACKETSTORM",
        "id": "171127",
        "ident": null
      },
      {
        "date": "2022-11-08T13:47:18",
        "db": "PACKETSTORM",
        "id": "169760",
        "ident": null
      },
      {
        "date": "2022-12-08T16:34:22",
        "db": "PACKETSTORM",
        "id": "170162",
        "ident": null
      },
      {
        "date": "2023-05-19T14:41:19",
        "db": "PACKETSTORM",
        "id": "172460",
        "ident": null
      },
      {
        "date": "2022-09-23T20:15:09.307000",
        "db": "NVD",
        "id": "CVE-2022-22629",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2024-07-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-517",
        "ident": null
      },
      {
        "date": "2022-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411257",
        "ident": null
      },
      {
        "date": "2025-05-22T15:15:54.577000",
        "db": "NVD",
        "id": "CVE-2022-22629",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-517"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166314"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      }
    ],
    "trust": 0.2
  }
}

VAR-201806-1470

Vulnerability from variot - Updated: 2026-04-10 23:34

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information. Apple macOS/watchOS/tvOS are prone to a local authorization-bypass vulnerability. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. CVE-2018-4196: G. CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team

apache_mod_php Available for: macOS High Sierra 10.13.4 Impact: Issues in php were addressed in this update Description: This issue was addressed by updating to php version 7.1.16. CVE-2018-4219: Mohamed Ghannam (@_simo36)

Bluetooth Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: A malicious application may be able to determine kernel memory layout. Description: An information disclosure issue existed in device properties. CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team

Bluetooth Available for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro (Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015), MacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports), MacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports), MacBook (Retina, 12-inch, Early 2016), MacBook (Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017), iMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac (Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015), iMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and iMac (21.5-inch, 2017) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

Speech Available for: macOS High Sierra 10.13.4 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A sandbox issue existed in the handling of microphone access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo)

Bluetooth Available for: iPhone X, iPhone 8, iPhone 8 Plus, iPad 6th generation, and iPad Air 2 Not impacted: HomePod Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018

Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo)

FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero

libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative

Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher

Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum

Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya

Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved validation of S-MIME certificates. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo)

Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to enable Siri from the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University

Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)

Siri Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with physical access to a device may be able to see private contact information Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4244: an anonymous researcher

UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk)

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 11.4".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ iCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG Xow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m WmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq GN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA /RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr KeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU HsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G wNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq S6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb gC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD de6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE= =nII0 -----END PGP SIGNATURE----- .

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.5"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.6.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.5.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.6"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.5"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-4226",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-4226",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-134257",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-4226",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4226",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-607",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134257",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4226",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the \"Security\" component. It allows local users to bypass intended restrictions on the reading of sensitive user information. Apple macOS/watchOS/tvOS are prone to a local authorization-bypass vulnerability. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. \nCVE-2018-4196: G. \nCVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team\n\napache_mod_php\nAvailable for: macOS High Sierra 10.13.4\nImpact: Issues in php were addressed in this update\nDescription: This issue was addressed by updating to php version\n7.1.16. \nCVE-2018-4219: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\nImpact: A malicious application may be able to determine kernel\nmemory layout. \nDescription: An information disclosure issue existed in device\nproperties. \nCVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team\n\nBluetooth\nAvailable for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro\n(Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015),\nMacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016),\nMacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports),\nMacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports),\nMacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports),\nMacBook (Retina, 12-inch, Early 2016), MacBook\n(Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017),\niMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac\n(Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015),\niMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and\niMac (21.5-inch, 2017)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\nGrand Central Dispatch\nAvailable for: macOS High Sierra 10.13.4\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An issue existed in parsing entitlement plists. The issue appears to be from an undocumented\nside effect of the instructions. \nCVE-2018-4226: Abraham Masri (@cheesecakeufo)\n\nSpeech\nAvailable for: macOS High Sierra 10.13.4\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A sandbox issue existed in the handling of microphone\naccess. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-23-3 Additional information for\nAPPLE-SA-2018-06-01-4 iOS 11.4\n\niOS 11.4 addresses the following:\n\nBluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4215: Abraham Masri (@cheesecakeufo)\n\nBluetooth\nAvailable for: iPhone X, iPhone 8, iPhone 8 Plus,\niPad 6th generation, and iPad Air 2\nNot impacted: HomePod\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\nEntry added July 23, 2018\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted vcf file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of phone\nnumbers. This issue was addressed with improved validation of phone\nnumbers. \nCVE-2018-4100: Abraham Masri (@cheesecakeufo)\n\nFontParser\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\niBooks\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in iBooks\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4202: Jerry Decime\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2018-4241: Ian Beer of Google Project Zero\nCVE-2018-4243: Ian Beer of Google Project Zero\n\nlibxpc\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nMagnifier\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nview the last image used in Magnifier from the lockscreen\nDescription: A permissions issue existed in Magnifier.  This was\naddressed with additional permission checks. \nCVE-2018-4239: an anonymous researcher\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker may be able to exfiltrate the contents of\nS/MIME-encrypted e-mail\nDescription: An issue existed in the handling of encrypted Mail. This\nissue was addressed with improved isolation of MIME in Mail. \nCVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to conduct impersonation attacks\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2018-4235: Anurodh Pokharel of Salesforce.com\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: This issue was addressed with improved message\nvalidation. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd\nCVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise\nSolutions\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent account\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4223: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Users may be tracked by malicious websites using client\ncertificates\nDescription: An issue existed in the handling of S-MIME\ncertificaties. This issue was addressed with improved validation of\nS-MIME certificates. \nCVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent device\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4224: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify the state of the Keychain\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4225: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to view sensitive user information\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4226: Abraham Masri (@cheesecakeufo)\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nenable Siri from the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can\nBIKMAZ (@CanBkmaz) of Mustafa Kemal University\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nuse Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)\n\nSiri Contacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4244: an anonymous researcher\n\nUIKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of text. This\nissue was addressed with improved validation of text. \nCVE-2018-4198: Hunter Byrnes\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4201: an anonymous researcher\nCVE-2018-4218: Natalie Silvanovich of Google Project Zero\nCVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils\nof MWR Labs working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2018-4232: an anonymous researcher, Aymeric Chaib\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A race condition was addressed with improved locking. \nCVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat\nof Ret2 Systems, Inc working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4214: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2018-4246: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: Credentials were unexpectedly sent when fetching CSS\nmask images. This was addressed by using a CORS-enabled fetch method. \nCVE-2018-4190: Jun Kokatsu (@shhnjk)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4222: Natalie Silvanovich of Google Project Zero\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 11.4\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ\niCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG\nXow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m\nWmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq\nGN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA\n/RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr\nKeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU\nHsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G\nwNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq\nS6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb\ngC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD\nde6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE=\n=nII0\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      },
      {
        "db": "BID",
        "id": "104888"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4226",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104888",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1041027",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134257",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148642",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148643",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148018",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148015",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226"
      },
      {
        "db": "BID",
        "id": "104888"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      }
    ]
  },
  "id": "VAR-201806-1470",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:34:04.094000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Multiple Apple product Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80801"
      },
      {
        "title": "Apple: watchOS 4.3.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f4c2f01c97a0857022a69b5486be838"
      },
      {
        "title": "Apple: iTunes 12.7.5 for Windows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=427778ba6ddba25910ede3bba3ecff86"
      },
      {
        "title": "Apple: iCloud for Windows 7.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=02a7454fe2f6b5665d8cc96d80b7dfc4"
      },
      {
        "title": "Apple: iOS 11.4",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f3db097f895347566033494c2dda90b"
      },
      {
        "title": "Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f93fc5c87ddc6e336e7b02ff3308dfe6"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/104888"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208848"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208849"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208851"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208852"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208853"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041027"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
      },
      {
        "trust": 0.6,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4202"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4221"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4227"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00009.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00010.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00012.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4188"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4219"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4184"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4230"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4141"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4228"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4229"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4234"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4159"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4236"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4242"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4171"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4238"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4215"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4100"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4239"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht208851"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226"
      },
      {
        "db": "BID",
        "id": "104888"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134257",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4226",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104888",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148642",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148017",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148643",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148018",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148015",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4226",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134257",
        "ident": null
      },
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4226",
        "ident": null
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "BID",
        "id": "104888",
        "ident": null
      },
      {
        "date": "2018-07-23T13:02:22",
        "db": "PACKETSTORM",
        "id": "148642",
        "ident": null
      },
      {
        "date": "2018-06-04T15:58:18",
        "db": "PACKETSTORM",
        "id": "148017",
        "ident": null
      },
      {
        "date": "2018-07-23T14:44:44",
        "db": "PACKETSTORM",
        "id": "148643",
        "ident": null
      },
      {
        "date": "2018-07-23T15:22:22",
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "date": "2018-06-04T15:58:45",
        "db": "PACKETSTORM",
        "id": "148018",
        "ident": null
      },
      {
        "date": "2018-06-01T18:32:22",
        "db": "PACKETSTORM",
        "id": "148015",
        "ident": null
      },
      {
        "date": "2018-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-607",
        "ident": null
      },
      {
        "date": "2018-06-08T18:29:01.757000",
        "db": "NVD",
        "id": "CVE-2018-4226",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-03-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134257",
        "ident": null
      },
      {
        "date": "2019-03-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4226",
        "ident": null
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "BID",
        "id": "104888",
        "ident": null
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-607",
        "ident": null
      },
      {
        "date": "2024-11-21T04:07:00.613000",
        "db": "NVD",
        "id": "CVE-2018-4226",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Multiple Apple product Security Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-607"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 0.6
  }
}

VAR-202209-0773

Vulnerability from variot - Updated: 2026-04-10 23:33

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited.

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213446.

Accelerate Framework Available for: iPhone 8 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki Entry added October 27, 2022

AppleAVD Available for: iPhone 8 and later Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher Entry added October 27, 2022

AppleAVD Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) Entry added October 27, 2022

Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36) Entry added October 27, 2022

Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36) CVE-2022-32889: Mohamed Ghannam (@_simo36) Entry added October 27, 2022

Apple TV Available for: iPhone 8 and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022

Contacts Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Crash Reporter Available for: iPhone 8 and later Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike Entry added October 27, 2022

DriverKit Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022

Exchange Available for: iPhone 8 and later Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher Entry added October 27, 2022

GPU Drivers Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher Entry added October 27, 2022

GPU Drivers Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher Entry added October 27, 2022

ImageIO Available for: iPhone 8 and later Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022

Image Processing Available for: iPhone 8 and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022

IOGPUFamily Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32887: an anonymous researcher Entry added October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Entry updated October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges. CVE-2022-32917: an anonymous researcher

Maps Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary Available for: iPhone 8 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher

Notifications Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Entry added October 27, 2022

Photos Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd Entry added October 27, 2022

Safari Available for: iPhone 8 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: This issue was addressed with improved checks. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati

Safari Extensions Available for: iPhone 8 and later Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael

Sandbox Available for: iPhone 8 and later Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022

Security Available for: iPhone 8 and later Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022

Shortcuts Available for: iPhone 8 and later Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2022-32872: Elite Tech Guru

Sidecar Available for: iPhone 8 and later Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022

Siri Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/) Entry added October 27, 2022

SQLite Available for: iPhone 8 and later Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 Entry added October 27, 2022

Time Zone Available for: iPhone 8 and later Impact: Deleted contacts may still appear in spotlight search results Description: A logic issue was addressed with improved state management. CVE-2022-32859 Entry added October 27, 2022

Watch app Available for: iPhone 8 and later Impact: An app may be able to read a persistent device identifier Description: This issue was addressed with improved entitlements. CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes) Entry added October 27, 2022

Weather Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617, and an anonymous researcher Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

WebKit Sandboxing Available for: iPhone 8 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022

Wi-Fi Available for: iPhone 8 and later Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Entry added October 27, 2022

Additional recognition

AirDrop We would like to acknowledge Alexander Heinrich, Milan Stute, and Christian Weinert of Technical University of Darmstadt for their assistance. Entry added October 27, 2022

AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Entry added October 27, 2022

Calendar UI We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Entry added October 27, 2022

FaceTime We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Find My We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Game Center We would like to acknowledge Joshua Jones for their assistance.

iCloud We would like to acknowledge Bülent Aytulun, and an anonymous researcher for their assistance. Entry added October 27, 2022

Identity Services We would like to acknowledge Joshua Jones for their assistance.

Kernel We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, and an anonymous researcher for their assistance. Entry added October 27, 2022

Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Notes We would like to acknowledge Edward Riley of Iron Cloud Limited (ironclouduk.com) for their assistance. Entry added October 27, 2022

Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance. Entry added October 27, 2022

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added October 27, 2022

Shortcuts We would like to acknowledge Shay Dror for their assistance. Entry added October 27, 2022

SOS We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber Security Lab for their assistance. Entry added October 27, 2022

UIKit We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an anonymous researcher for their assistance. Entry added October 27, 2022

WebKit We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

WebRTC We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7 K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac= =I+iq -----END PGP SIGNATURE-----

. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168361"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-32864",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-32864",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-32864",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32864",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-32864",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-781",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. Apple is aware of a report that this issue may\nhave been actively exploited. Apple is aware of a report that this issue\nmay have been actively exploited. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641  To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\".  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAccelerate Framework\nAvailable for: iPhone 8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, and an anonymous researcher\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple TV\nAvailable for: iPhone 8 and later\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nCrash Reporter\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\nEntry added October 27, 2022\n\nDriverKit\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nExchange\nAvailable for: iPhone 8 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\nEntry added October 27, 2022\n\nImageIO\nAvailable for: iPhone 8 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\nIOGPUFamily\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32887: an anonymous researcher\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nEntry updated October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\nEntry added October 27, 2022\n\nPhotos\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\nEntry added October 27, 2022\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari Extensions\nAvailable for: iPhone 8 and later\nImpact: A website may be able to track users through Safari web\nextensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nSandbox\nAvailable for: iPhone 8 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nSidecar\nAvailable for: iPhone 8 and later\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSiri\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/andrew-goldberg-/)\nEntry added October 27, 2022\n\nSQLite\nAvailable for: iPhone 8 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\nEntry added October 27, 2022\n\nTime Zone\nAvailable for: iPhone 8 and later\nImpact: Deleted contacts may still appear in spotlight search results\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32859\nEntry added October 27, 2022\n\nWatch app\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\nEntry added October 27, 2022\n\nWeather\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617, and an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and\nChristian Weinert of Technical University of Darmstadt for their\nassistance. \nEntry added October 27, 2022\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \nEntry added October 27, 2022\n\nCalendar UI\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of\nLakshmi Narain College Of Technology Bhopal for their assistance. \nEntry added October 27, 2022\n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\niCloud\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous\nresearcher for their assistance. \nEntry added October 27, 2022\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting\nYin of Tsinghua University, and Min Zheng of Ant Group, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nNotes\nWe would like to acknowledge Edward Riley of Iron Cloud Limited\n(ironclouduk.com) for their assistance. \nEntry added October 27, 2022\n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \nEntry added October 27, 2022\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added October 27, 2022\n\nShortcuts\nWe would like to acknowledge Shay Dror for their assistance. \nEntry added October 27, 2022\n\nSOS\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber\nSecurity Lab for their assistance. \nEntry added October 27, 2022\n\nUIKit\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke\nNxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC\nC5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7\nK+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM\nZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK\nEtd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU\nUr+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp\nrpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K\ntORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU\nrFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ\nOg/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR\nnYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=\n=I+iq\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424953"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168361"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-424953",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424953"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32864",
        "trust": 4.0
      },
      {
        "db": "PACKETSTORM",
        "id": "168361",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169598",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5473",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4527",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5462",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169589",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169559",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169560",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169585",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168342",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168341",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-424953",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424953"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168361"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      }
    ]
  },
  "id": "VAR-202209-0773",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424953"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:33:59.696000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT213487 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT213443"
      },
      {
        "title": "Apple macOS Big Sur Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208419"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/47"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/49"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/39"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/40"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/43"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/45"
      },
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213443"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213486"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213487"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213444"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213445"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213446"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4527"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168361/apple-security-advisory-2022-09-12-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169598/apple-security-advisory-2022-10-27-13.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5462"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32864/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32917"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32872"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213445."
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32896"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213444."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213486."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213487."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32859"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213446."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213443."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424953"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168361"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424953",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168342",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168361",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169598",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169589",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169560",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169559",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169585",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32864",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424953",
        "ident": null
      },
      {
        "date": "2022-09-13T15:27:13",
        "db": "PACKETSTORM",
        "id": "168342",
        "ident": null
      },
      {
        "date": "2022-09-13T15:44:52",
        "db": "PACKETSTORM",
        "id": "168361",
        "ident": null
      },
      {
        "date": "2022-10-31T14:56:26",
        "db": "PACKETSTORM",
        "id": "169598",
        "ident": null
      },
      {
        "date": "2022-10-31T14:51:24",
        "db": "PACKETSTORM",
        "id": "169589",
        "ident": null
      },
      {
        "date": "2022-10-31T14:22:19",
        "db": "PACKETSTORM",
        "id": "169560",
        "ident": null
      },
      {
        "date": "2022-10-31T14:22:02",
        "db": "PACKETSTORM",
        "id": "169559",
        "ident": null
      },
      {
        "date": "2022-10-31T14:50:18",
        "db": "PACKETSTORM",
        "id": "169585",
        "ident": null
      },
      {
        "date": "2022-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-781",
        "ident": null
      },
      {
        "date": "2023-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018936",
        "ident": null
      },
      {
        "date": "2022-09-20T21:15:10.787000",
        "db": "NVD",
        "id": "CVE-2022-32864",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424953",
        "ident": null
      },
      {
        "date": "2022-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-781",
        "ident": null
      },
      {
        "date": "2023-10-24T01:46:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018936",
        "ident": null
      },
      {
        "date": "2022-11-04T12:46:56.100000",
        "db": "NVD",
        "id": "CVE-2022-32864",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Vulnerabilities in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018936"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-781"
      }
    ],
    "trust": 0.6
  }
}

VAR-202404-0120

Vulnerability from variot - Updated: 2026-04-10 23:30

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6729-2 April 17, 2024

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro): apache2 2.4.29-1ubuntu4.27+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro): apache2 2.4.18-2ubuntu3.17+esm12

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-6729-2 https://ubuntu.com/security/notices/USN-6729-1 CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1.

We recommend that you upgrade your apache2 packages.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

Packet Storm Staff

==================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update Advisory ID: RHSA-2024:6927-03 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2024:6927 Issue date: 2024-09-24 Revision: 03 CVE Names: CVE-2023-38709 ====================================================================

Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available.

Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Security Fix(es):

jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-31

                                       https://security.gentoo.org/

Severity: Low Title: Apache HTTPD: Multiple Vulnerabilities Date: September 28, 2024 Bugs: #928540, #935296, #935427, #936257 ID: 202409-31

Synopsis

Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service.

Affected packages

Package Vulnerable Unaffected

www-servers/apache < 2.4.62 >= 2.4.62

Description

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTPD users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

References

[ 1 ] CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 [ 2 ] CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 [ 3 ] CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316 [ 4 ] CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-36387 [ 5 ] CVE-2024-38472 https://nvd.nist.gov/vuln/detail/CVE-2024-38472 [ 6 ] CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 [ 7 ] CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 [ 8 ] CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 [ 9 ] CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 [ 10 ] CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 [ 11 ] CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 [ 12 ] CVE-2024-39884 https://nvd.nist.gov/vuln/detail/CVE-2024-39884 [ 13 ] CVE-2024-40725 https://nvd.nist.gov/vuln/detail/CVE-2024-40725 [ 14 ] CVE-2024-40898 https://nvd.nist.gov/vuln/detail/CVE-2024-40898

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202409-31

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-07-29-2024-4 macOS Sonoma 14.6

macOS Sonoma 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214119.

Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories.

Accounts Available for: macOS Sonoma Impact: A malicious application may be able to access private information Description: The issue was addressed with improved checks. CVE-2024-40804: IES Red Team of ByteDance

apache Available for: macOS Sonoma Impact: Multiple issues in apache Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-38709: Yeto CVE-2024-24795: Yeto CVE-2024-27316: Yeto

APFS Available for: macOS Sonoma Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with improved restriction of data container access. CVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji

AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40774: Mickey Jin (@patch1t) CVE-2024-40814: Mickey Jin (@patch1t)

AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to leak sensitive user information Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40775: Mickey Jin (@patch1t)

AppleVA Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: The issue was addressed with improved memory handling. CVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

ASP TCP Available for: macOS Sonoma Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-27878: CertiK SkyFall Team

CoreGraphics Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40799: D4m0n

CoreMedia Available for: macOS Sonoma Impact: Processing a maliciously crafted video file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27873: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

curl Available for: macOS Sonoma Impact: Multiple issues in curl Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466

DesktopServices Available for: macOS Sonoma Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved checks. CVE-2024-40827: an anonymous researcher

dyld Available for: macOS Sonoma Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with additional validation. CVE-2024-40815: w0wbox

Family Sharing Available for: macOS Sonoma Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved data protection. CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji

ImageIO Available for: macOS Sonoma Impact: Processing an image may lead to a denial-of-service Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-6277 CVE-2023-52356

ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40806: Yisumi

ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An integer overflow was addressed with improved input validation. CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative, Gandalf4a

Kernel Available for: macOS Sonoma Impact: A local attacker may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved private data redaction for log entries. CVE-2024-27863: CertiK SkyFall Team

Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-40816: sqrtpwn

Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: A type confusion issue was addressed with improved memory handling. CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

Keychain Access Available for: macOS Sonoma Impact: An attacker may be able to cause unexpected app termination Description: A type confusion issue was addressed with improved checks. CVE-2024-40803: Patrick Wardle of DoubleYou & the Objective-See Foundation

libxpc Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A permissions issue was addressed with additional restrictions. CVE-2024-40805

Messages Available for: macOS Sonoma Impact: An app may be able to view a contact's phone number in system logs Description: The issue was addressed with improved checks. CVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)

NetworkExtension Available for: macOS Sonoma Impact: Private browsing may leak some browsing history Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-40796: Adam M.

OpenSSH Available for: macOS Sonoma Impact: A remote attacker may be able to cause arbitrary code execution Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-6387

PackageKit Available for: macOS Sonoma Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved checks. CVE-2024-40781: Mickey Jin (@patch1t) CVE-2024-40802: Mickey Jin (@patch1t)

PackageKit Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

PackageKit Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed with additional restrictions. CVE-2024-27882: Mickey Jin (@patch1t) CVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of Kandji

Photos Storage Available for: macOS Sonoma Impact: Photos in the Hidden Photos Album may be viewed without authentication Description: An authentication issue was addressed with improved state management. CVE-2024-40778: Mateen Alinaghi

Restore Framework Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: An input validation issue was addressed with improved input validation. CVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

Safari Available for: macOS Sonoma Impact: An app may bypass Gatekeeper checks Description: A race condition was addressed with improved locking. CVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security

Safari Available for: macOS Sonoma Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. CVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber Security At Suma Soft Pvt. Ltd, Pune (India)

Sandbox Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed through improved state management. CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

Sandbox Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A path handling issue was addressed with improved validation. CVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong

Scripting Bridge Available for: macOS Sonoma Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-27881: Kirin (@Pwnrin)

Security Available for: macOS Sonoma Impact: Third party app extensions may not receive the correct sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2024-40821: Joshua Jones

Security Available for: macOS Sonoma Impact: An app may be able to read Safari's browsing history Description: This issue was addressed with improved redaction of sensitive information. CVE-2024-40798: Adam M.

Security Initialization Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: This issue was addressed with improved validation of symlinks. CVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong

Setup Assistant Available for: macOS Sonoma Impact: Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled Description: A logic issue was addressed with improved state management. CVE-2024-27862: Jiwon Park

Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: A logic issue was addressed with improved checks. CVE-2024-40833: an anonymous researcher CVE-2024-40835: an anonymous researcher CVE-2024-40836: an anonymous researcher CVE-2024-40807: an anonymous researcher

Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass sensitive Shortcuts app settings Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40834: Marcio Almeida from Tanto Security

Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: A logic issue was addressed with improved checks. CVE-2024-40809: an anonymous researcher CVE-2024-40812: an anonymous researcher

Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40787: an anonymous researcher

Shortcuts Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2024-40793: Kirin (@Pwnrin)

Siri Available for: macOS Sonoma Impact: An attacker with physical access may be able to use Siri to access sensitive user data Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40818: Bistrit Dahal and Srijan Poudel

Siri Available for: macOS Sonoma Impact: An attacker with physical access to a device may be able to access contacts from the lock screen Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40822: Srijan Poudel

StorageKit Available for: macOS Sonoma Impact: A malicious app may be able to gain root privileges Description: The issue was addressed with improved checks. CVE-2024-40828: Mickey Jin (@patch1t)

sudo Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks. CVE-2024-40811: Arsenii Kostromin (0x3c3e)

WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 273176 CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 268770 CVE-2024-40782: Maksymilian Motyl

WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 275431 CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 275273 CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. WebKit Bugzilla: 273805 CVE-2024-40785: Johan Carlsson (joaxcar)

WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with Trend Micro Zero Day Initiative

WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. WebKit Bugzilla: 274165 CVE-2024-4558

WebKit Available for: macOS Sonoma Impact: Private Browsing tabs may be accessed without authentication Description: This issue was addressed through improved state management. WebKit Bugzilla: 275272 CVE-2024-40794: Matthew Butler

Additional recognition

AirDrop We would like to acknowledge Linwz of DEVCORE for their assistance.

DiskArbitration We would like to acknowledge Yann GASCUEL of Alter Solutions for their assistance.

Image Capture We would like to acknowledge an anonymous researcher for their assistance.

Shortcuts We would like to acknowledge an anonymous researcher for their assistance.

WebKit We would like to acknowledge an anonymous researcher for their assistance.

macOS Sonoma 14.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa IvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI G0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY ra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V ywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln Kp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P 70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR YsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj xx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL lH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M LIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG MZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE= =eOPj -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "ontap tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "10"
      },
      {
        "_id": null,
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.59"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "40"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "39"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "38"
      },
      {
        "_id": null,
        "model": "ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "14.6"
      },
      {
        "_id": null,
        "model": "ontap tools",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "fabric operating system",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2023-38709",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-38709",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-029234",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2023-38709",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-029234",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. \n\nThis issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6729-2\nApril 17, 2024\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. \n\nOriginal advisory details:\n\n Orange Tsai discovered that the Apache HTTP Server incorrectly handled\n validating certain input. A remote attacker could possibly use this\n issue to perform HTTP request splitting attacks. (CVE-2023-38709)\n\n Keran Mu and Jianjun Chen discovered that the Apache HTTP Server\n incorrectly handled validating certain input. A remote attacker could\n possibly use this issue to perform HTTP request splitting attacks. \n (CVE-2024-24795)\n\n Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled endless continuation frames. A remote attacker could\n possibly use this issue to cause the server to consume resources, leading\n to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. \n (CVE-2024-27316)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.29-1ubuntu4.27+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.18-2ubuntu3.17+esm12\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-6729-2\n  https://ubuntu.com/security/notices/USN-6729-1\n  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316\n\n. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 2.4.59-1~deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 2.4.59-1~deb12u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update\nAdvisory ID:        RHSA-2024:6927-03\nProduct:            Red Hat JBoss Core Services\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6927\nIssue date:         2024-09-24\nRevision:           03\nCVE Names:          CVE-2023-38709\n====================================================================\n\nSummary: \n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. \n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. \n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202409-31\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: September 28, 2024\n     Bugs: #928540, #935296, #935427, #936257\n       ID: 202409-31\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache HTTPD, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\nPackage             Vulnerable    Unaffected\n------------------  ------------  ------------\nwww-servers/apache  \u003c 2.4.62      \u003e= 2.4.62\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.62\"\n\nReferences\n==========\n\n[ 1 ] CVE-2023-38709\n      https://nvd.nist.gov/vuln/detail/CVE-2023-38709\n[ 2 ] CVE-2024-24795\n      https://nvd.nist.gov/vuln/detail/CVE-2024-24795\n[ 3 ] CVE-2024-27316\n      https://nvd.nist.gov/vuln/detail/CVE-2024-27316\n[ 4 ] CVE-2024-36387\n      https://nvd.nist.gov/vuln/detail/CVE-2024-36387\n[ 5 ] CVE-2024-38472\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38472\n[ 6 ] CVE-2024-38473\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38473\n[ 7 ] CVE-2024-38474\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38474\n[ 8 ] CVE-2024-38475\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38475\n[ 9 ] CVE-2024-38476\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38476\n[ 10 ] CVE-2024-38477\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38477\n[ 11 ] CVE-2024-39573\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39573\n[ 12 ] CVE-2024-39884\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39884\n[ 13 ] CVE-2024-40725\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40725\n[ 14 ] CVE-2024-40898\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40898\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202409-31\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-07-29-2024-4 macOS Sonoma 14.6\n\nmacOS Sonoma 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT214119. \n\nApple maintains a Security Releases page at\nhttps://support.apple.com/HT201222 which lists recent\nsoftware updates with security advisories. \n\nAccounts\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to access private\ninformation\nDescription: The issue was addressed with improved checks. \nCVE-2024-40804: IES Red Team of ByteDance\n\napache\nAvailable for: macOS Sonoma\nImpact: Multiple issues in apache\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-38709: Yeto\nCVE-2024-24795: Yeto\nCVE-2024-27316: Yeto\n\nAPFS\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with improved restriction of data\ncontainer access. \nCVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40774: Mickey Jin (@patch1t)\nCVE-2024-40814: Mickey Jin (@patch1t)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to leak sensitive user information\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40775: Mickey Jin (@patch1t)\n\nAppleVA\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: The issue was addressed with improved memory handling. \nCVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nASP TCP\nAvailable for: macOS Sonoma\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A buffer overflow issue was addressed with improved memory\nhandling. \nCVE-2024-27878: CertiK SkyFall Team\n\nCoreGraphics\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40799: D4m0n\n\nCoreMedia\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted video file may lead to\nunexpected app termination\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2024-27873: Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\ncurl\nAvailable for: macOS Sonoma\nImpact: Multiple issues in curl\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-2004\nCVE-2024-2379\nCVE-2024-2398\nCVE-2024-2466\n\nDesktopServices\nAvailable for: macOS Sonoma\nImpact: An app may be able to overwrite arbitrary files\nDescription: The issue was addressed with improved checks. \nCVE-2024-40827: an anonymous researcher\n\ndyld\nAvailable for: macOS Sonoma\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with additional validation. \nCVE-2024-40815: w0wbox\n\nFamily Sharing\nAvailable for: macOS Sonoma\nImpact: An app may be able to read sensitive location information\nDescription: This issue was addressed with improved data protection. \nCVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing an image may lead to a denial-of-service\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-6277\nCVE-2023-52356\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40806: Yisumi\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40777: Junsung Lee working with Trend Micro Zero Day\nInitiative, and Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2024-40784: Junsung Lee working with Trend Micro Zero Day\nInitiative, Gandalf4a\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed with improved\nprivate data redaction for log entries. \nCVE-2024-27863: CertiK SkyFall Team\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2024-40816: sqrtpwn\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: A type confusion issue was addressed with improved memory\nhandling. \nCVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University\n\nKeychain Access\nAvailable for: macOS Sonoma\nImpact: An attacker may be able to cause unexpected app termination\nDescription: A type confusion issue was addressed with improved checks. \nCVE-2024-40803: Patrick Wardle of DoubleYou \u0026 the Objective-See\nFoundation\n\nlibxpc\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-40805\n\nMessages\nAvailable for: macOS Sonoma\nImpact: An app may be able to view a contact\u0027s phone number in system\nlogs\nDescription: The issue was addressed with improved checks. \nCVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)\n\nNetworkExtension\nAvailable for: macOS Sonoma\nImpact: Private browsing may leak some browsing history\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-40796: Adam M. \n\nOpenSSH\nAvailable for: macOS Sonoma\nImpact: A remote attacker may be able to cause arbitrary code execution\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-6387\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40781: Mickey Jin (@patch1t)\nCVE-2024-40802: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved checks. \nCVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of\nJingDong\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-27882: Mickey Jin (@patch1t)\nCVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of\nKandji\n\nPhotos Storage\nAvailable for: macOS Sonoma\nImpact: Photos in the Hidden Photos Album may be viewed without\nauthentication\nDescription: An authentication issue was addressed with improved state\nmanagement. \nCVE-2024-40778: Mateen Alinaghi\n\nRestore Framework\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: An input validation issue was addressed with improved input\nvalidation. \nCVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos\n\nSafari\nAvailable for: macOS Sonoma\nImpact: An app may bypass Gatekeeper checks\nDescription: A race condition was addressed with improved locking. \nCVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSafari\nAvailable for: macOS Sonoma\nImpact: Visiting a website that frames malicious content may lead to UI\nspoofing\nDescription: The issue was addressed with improved UI handling. \nCVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber\nSecurity At Suma Soft Pvt. Ltd, Pune (India)\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed through improved state management. \nCVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and\nZhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nKandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong\n\nScripting Bridge\nAvailable for: macOS Sonoma\nImpact: An app may be able to access information about a user\u2019s contacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-27881: Kirin (@Pwnrin)\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: Third party app extensions may not receive the correct sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2024-40821: Joshua Jones\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: An app may be able to read Safari\u0027s browsing history\nDescription: This issue was addressed with improved redaction of\nsensitive information. \nCVE-2024-40798: Adam M. \n\nSecurity Initialization\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of\nJingDong\n\nSetup Assistant\nAvailable for: macOS Sonoma\nImpact: Enabling Lockdown Mode while setting up a Mac may cause\nFileVault to become unexpectedly disabled\nDescription: A logic issue was addressed with improved state management. \nCVE-2024-27862: Jiwon Park\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to use sensitive data with certain\nactions without prompting the user\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40833: an anonymous researcher\nCVE-2024-40835: an anonymous researcher\nCVE-2024-40836: an anonymous researcher\nCVE-2024-40807: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass sensitive Shortcuts app\nsettings\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40834: Marcio Almeida from Tanto Security\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40809: an anonymous researcher\nCVE-2024-40812: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40787: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by removing the vulnerable code. \nCVE-2024-40793: Kirin (@Pwnrin)\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access may be able to use Siri to\naccess sensitive user data\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40818: Bistrit Dahal and Srijan Poudel\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access to a device may be able to\naccess contacts from the lock screen\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40822: Srijan Poudel\n\nStorageKit\nAvailable for: macOS Sonoma\nImpact: A malicious app may be able to gain root privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40828: Mickey Jin (@patch1t)\n\nsudo\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: The issue was addressed with improved checks. \nCVE-2024-40811: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: A use-after-free issue was addressed with improved memory\nmanagement. \nWebKit Bugzilla: 273176\nCVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 268770\nCVE-2024-40782: Maksymilian Motyl\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 275431\nCVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 275273\nCVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to a cross\nsite scripting attack\nDescription: This issue was addressed with improved checks. \nWebKit Bugzilla: 273805\nCVE-2024-40785: Johan Carlsson (joaxcar)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nWebKit Bugzilla: 274165\nCVE-2024-4558\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Private Browsing tabs may be accessed without authentication\nDescription: This issue was addressed through improved state management. \nWebKit Bugzilla: 275272\nCVE-2024-40794: Matthew Butler\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Linwz of DEVCORE for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Yann GASCUEL of Alter Solutions for their\nassistance. \n\nImage Capture\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nShortcuts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Sonoma 14.6 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Releases\nweb site: https://support.apple.com/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa\nIvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI\nG0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY\nra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V\nywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln\nKp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P\n70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR\nYsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj\nxx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL\nlH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M\nLIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG\nMZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE=\n=eOPj\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "179789"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709",
        "trust": 3.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2024/04/04/3",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/07/10/3",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/07/10/2",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-319-04",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96191615",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91930855",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99032532",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "179274",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178035",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178131",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181748",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181910",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "179789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "182614",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "179789"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "id": "VAR-202404-0120",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2026-04-10T23:30:53.560000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "120911",
        "trust": 0.8,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-1284",
        "trust": 1.0
      },
      {
        "problemtype": "Improper validation of quantity specified in input (CWE-1284) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38709"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2024/jul/18"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
      },
      {
        "trust": 1.0,
        "url": "https://support.apple.com/kb/ht214119"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2025/07/10/3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/i2n2nzex3mr64iwsgl3qgn7ksrugaemf/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lx5u34kygdyprh3aj6mddcbjdwdpxnvj/"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wnv4szapvs43dzwnfu7xbyyozezmi4zc/"
      },
      {
        "trust": 1.0,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99032532/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96191615/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91930855/"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-04"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27316"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-24795"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://ubuntu.com/security/notices/usn-6729-1"
      },
      {
        "trust": 0.2,
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_6_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4197.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:4197"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.57-2ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6729-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-43622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-45802"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/apache2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31122"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6729-3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.1"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:6928"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6928.json"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:6927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-36387"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38474"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39573"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38475"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202409-31"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40898"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40725"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38477"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27872"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2004"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-52356"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27863"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2398"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27862"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht214119."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:9306"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-14668"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-6576"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-49856"
      },
      {
        "trust": 0.1,
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9306.json"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-6575"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "179789"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "179274",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "178035",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "178131",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "178096",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "178298",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "181748",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "181747",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "181910",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "179789",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "182614",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2024-07-01T14:40:30",
        "db": "PACKETSTORM",
        "id": "179274",
        "ident": null
      },
      {
        "date": "2024-04-12T14:46:14",
        "db": "PACKETSTORM",
        "id": "178035",
        "ident": null
      },
      {
        "date": "2024-04-18T15:28:17",
        "db": "PACKETSTORM",
        "id": "178131",
        "ident": null
      },
      {
        "date": "2024-04-17T15:49:51",
        "db": "PACKETSTORM",
        "id": "178096",
        "ident": null
      },
      {
        "date": "2024-04-29T14:47:52",
        "db": "PACKETSTORM",
        "id": "178298",
        "ident": null
      },
      {
        "date": "2024-09-24T13:46:16",
        "db": "PACKETSTORM",
        "id": "181748",
        "ident": null
      },
      {
        "date": "2024-09-24T13:46:08",
        "db": "PACKETSTORM",
        "id": "181747",
        "ident": null
      },
      {
        "date": "2024-09-30T14:35:24",
        "db": "PACKETSTORM",
        "id": "181910",
        "ident": null
      },
      {
        "date": "2024-07-30T12:21:31",
        "db": "PACKETSTORM",
        "id": "179789",
        "ident": null
      },
      {
        "date": "2024-11-13T15:40:54",
        "db": "PACKETSTORM",
        "id": "182614",
        "ident": null
      },
      {
        "date": "2025-07-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-029234",
        "ident": null
      },
      {
        "date": "2024-04-04T20:15:08.047000",
        "db": "NVD",
        "id": "CVE-2023-38709",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2025-07-15T05:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-029234",
        "ident": null
      },
      {
        "date": "2025-11-04T22:15:53.457000",
        "db": "NVD",
        "id": "CVE-2023-38709",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "_id": null,
    "data": "Apache\u00a0Software\u00a0Foundation\u00a0 of \u00a0Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability related to improper validation of quantities specified in inputs in products from multiple vendors such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-029234"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, spoof, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179789"
      }
    ],
    "trust": 0.1
  }
}

VAR-202210-1070

Vulnerability from variot - Updated: 2026-04-10 23:25

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

JIRA issues fixed (https://issues.jboss.org/):

OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC

Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified 2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2023:0338-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0338 Issue date: 2023-01-23 CVE Names: CVE-2022-40303 CVE-2022-40304 ==================================================================== 1. Summary:

An update for libxml2 is now available for Red Hat Enterprise Linux 9.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64: libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm libxml2-devel-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

ppc64le: libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm libxml2-devel-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

s390x: libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm libxml2-devel-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

x86_64: libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm libxml2-devel-2.9.13-3.el9_1.i686.rpm libxml2-devel-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source: libxml2-2.9.13-3.el9_1.src.rpm

aarch64: libxml2-2.9.13-3.el9_1.aarch64.rpm libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

ppc64le: libxml2-2.9.13-3.el9_1.ppc64le.rpm libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

s390x: libxml2-2.9.13-3.el9_1.s390x.rpm libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm python3-libxml2-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

x86_64: libxml2-2.9.13-3.el9_1.i686.rpm libxml2-2.9.13-3.el9_1.x86_64.rpm libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

2171870 - CVE-2023-0923 odh-notebook-controller-container: Missing authorization allows for file contents disclosure

JIRA issues fixed (https://issues.jboss.org/):

RHODS-6123 - Update dsp repo to match upstream kfp-tekton repo RHODS-6136 - Verify status of manifests RHODS-6330 - Remove Openvino and Etcd images from quay for self-managed deployments RHODS-6779 - [Model Serving] fallback image for ovms is not published, leading to image pull errors in upgrade scenarios

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213536.

Accounts Available for: Apple Watch Series 4 and later Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD Available for: Apple Watch Series 4 and later Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

AppleMobileFileIntegrity Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing

CoreServices Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO Available for: Apple Watch Series 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t)

IOHIDFamily Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)

IOMobileFrameBuffer Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom)

iTunes Store Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: an anonymous researcher

Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero

Kernel Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Kernel Available for: Apple Watch Series 4 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM

libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero

libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

Safari Available for: Apple Watch Series 4 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani

Software Update Available for: Apple Watch Series 4 and later Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2022-42849: Mickey Jin (@patch1t)

Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher

Additional recognition

Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance.

Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance.

WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke NxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q 5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve vnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3 DNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2 GH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag piObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ sOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki PLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi ex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA FofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA W09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I= =DltD -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.2"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7.2"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7.2"
      },
      {
        "_id": null,
        "model": "libxml2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "xmlsoft",
        "version": "2.10.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "manageability software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "snapmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.2"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171310"
      },
      {
        "db": "PACKETSTORM",
        "id": "170753"
      },
      {
        "db": "PACKETSTORM",
        "id": "170752"
      },
      {
        "db": "PACKETSTORM",
        "id": "170668"
      },
      {
        "db": "PACKETSTORM",
        "id": "170754"
      },
      {
        "db": "PACKETSTORM",
        "id": "171173"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-40304",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-40304",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-40304",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-40304",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-1022",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-1056 - DPA fails validation if multiple BSLs have the same provider\nOADP-1150 - Handle docker env config changes in the oadp-operator\nOADP-1217 - update velero + restic to 1.9.5\nOADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed\nOADP-1289 - Restore partially fails with error \"Secrets \\\"deployer-token-rrjqx\\\" not found\"\nOADP-290 - Remove creation/usage of velero-privileged SCC\n\n6. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified\n2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: libxml2 security update\nAdvisory ID:       RHSA-2023:0338-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0338\nIssue date:        2023-01-23\nCVE Names:         CVE-2022-40303 CVE-2022-40304\n====================================================================\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-devel-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-devel-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\nlibxml2-devel-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-devel-2.9.13-3.el9_1.i686.rpm\nlibxml2-devel-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nlibxml2-2.9.13-3.el9_1.src.rpm\n\naarch64:\nlibxml2-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-2.9.13-3.el9_1.i686.rpm\nlibxml2-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):\n\n2171870 - CVE-2023-0923 odh-notebook-controller-container: Missing authorization allows for file contents disclosure\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHODS-6123 - Update dsp repo to match upstream kfp-tekton repo\nRHODS-6136 - Verify status of manifests\nRHODS-6330 - Remove Openvino and Etcd images from quay for self-managed deployments\nRHODS-6779 - [Model Serving] fallback image for ovms is not published, leading to image pull errors in upgrade scenarios\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-8 watchOS 9.2\n\nwatchOS 9.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213536. \n\nAccounts\nAvailable for: Apple Watch Series 4 and later\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42843: Mickey Jin (@patch1t)\n\nAppleAVD\nAvailable for: Apple Watch Series 4 and later\nImpact: Parsing a maliciously crafted video file may lead to kernel\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46694: Andrey Labunets and Nikita Tarakanov\n\nAppleMobileFileIntegrity\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-42865: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCoreServices\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: Multiple issues were addressed by removing the\nvulnerable code. \nCVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nOffensive Security\n\nImageIO\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46693: Mickey Jin (@patch1t)\n\nIOHIDFamily\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nIOMobileFrameBuffer\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46690: John Aakerblom (@jaakerblom)\n\niTunes Store\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2022-42837: an anonymous researcher\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxml2\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2022-40303: Maddie Stone of Google Project Zero\n\nlibxml2\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project\nZero\n\nSafari\nAvailable for: Apple Watch Series 4 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed with improved input validation. \nCVE-2022-46695: KirtiKumar Anandrao Ramchandani\n\nSoftware Update\nAvailable for: Apple Watch Series 4 and later\nImpact: A user may be able to elevate privileges\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2022-42849: Mickey Jin (@patch1t)\n\nWeather\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to read sensitive location information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-42866: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 245521\nCVE-2022-42867: Maddie Stone of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 245466\nCVE-2022-46691: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may bypass Same\nOrigin Policy\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 246783\nCVE-2022-46692: KirtiKumar Anandrao Ramchandani\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42852: hazbinhotel working with Trend Micro Zero Day\nInitiative\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 246942\nCVE-2022-46696: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 247562\nCVE-2022-46700: Samuel Gro\u00df of Google V8 Security\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 247420\nCVE-2022-46699: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 244622\nCVE-2022-42863: an anonymous researcher\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Zweig of Kunlun Lab for their\nassistance. \n\nSafari Extensions\nWe would like to acknowledge Oliver Dunk and Christian R. of\n1Password for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher and scarlet for\ntheir assistance. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641  To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\".  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke\nNxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q\n5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve\nvnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3\nDNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2\nGH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag\npiObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ\nsOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki\nPLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi\nex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA\nFofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA\nW09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I=\n=DltD\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40304"
      },
      {
        "db": "PACKETSTORM",
        "id": "171310"
      },
      {
        "db": "PACKETSTORM",
        "id": "170753"
      },
      {
        "db": "PACKETSTORM",
        "id": "170752"
      },
      {
        "db": "PACKETSTORM",
        "id": "170668"
      },
      {
        "db": "PACKETSTORM",
        "id": "170754"
      },
      {
        "db": "PACKETSTORM",
        "id": "169857"
      },
      {
        "db": "PACKETSTORM",
        "id": "171173"
      },
      {
        "db": "PACKETSTORM",
        "id": "170318"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-429438",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-40304",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169857",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170318",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170754",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169824",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170555",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169620",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170955",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169732",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170097",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0246",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1467",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5286",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6321",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5792.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0816",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1501",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5614",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1267",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0513",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5455",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1041",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1398",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "170753",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "171173",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170752",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171016",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171043",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170312",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169858",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170315",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171040",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171260",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-429438",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171310",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170668",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40304"
      },
      {
        "db": "PACKETSTORM",
        "id": "171310"
      },
      {
        "db": "PACKETSTORM",
        "id": "170753"
      },
      {
        "db": "PACKETSTORM",
        "id": "170752"
      },
      {
        "db": "PACKETSTORM",
        "id": "170668"
      },
      {
        "db": "PACKETSTORM",
        "id": "170754"
      },
      {
        "db": "PACKETSTORM",
        "id": "169857"
      },
      {
        "db": "PACKETSTORM",
        "id": "171173"
      },
      {
        "db": "PACKETSTORM",
        "id": "170318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      }
    ]
  },
  "id": "VAR-202210-1070",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:25:26.950000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "libxml2 Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215772"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2022-40304: dict corruption caused by entity reference cycles",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8363a596e2a5d2dc61357b1dbd72b616"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-40304"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-40304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-415",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-611",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213531"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213533"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213534"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213535"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213536"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/21"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/24"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/25"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/26"
      },
      {
        "trust": 1.7,
        "url": "https://gitlab.gnome.org/gnome/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
      },
      {
        "trust": 1.7,
        "url": "https://gitlab.gnome.org/gnome/libxml2/-/tags"
      },
      {
        "trust": 1.7,
        "url": "https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/dec/27"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1041"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170555/red-hat-security-advisory-2023-0173-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1267"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1467"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170318/apple-security-advisory-2022-12-13-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1501"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213505"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5286"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170955/red-hat-security-advisory-2023-0634-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169857/apple-security-advisory-2022-11-09-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170754/red-hat-security-advisory-2023-0468-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170097/ubuntu-security-notice-usn-5760-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213534"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0246"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-40304/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169732/debian-security-advisory-5271-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libxml2-three-vulnerabilities-39554"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169824/libxml2-attribute-parsing-double-free.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1398"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0816"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169620/gentoo-linux-security-advisory-202210-39.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6321"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0513"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5792.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5455"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5614"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-43680"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-42011"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-42010"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-42012"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42012"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2023-22482"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22482"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42010"
      },
      {
        "trust": 0.3,
        "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42011"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-3821"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3821"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-46285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-48303"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2869"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2058"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4883"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-44617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2868"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2520"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-22736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0338"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0468"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213505."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23521"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0977"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213536."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42859"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-429438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40304"
      },
      {
        "db": "PACKETSTORM",
        "id": "171310"
      },
      {
        "db": "PACKETSTORM",
        "id": "170753"
      },
      {
        "db": "PACKETSTORM",
        "id": "170752"
      },
      {
        "db": "PACKETSTORM",
        "id": "170668"
      },
      {
        "db": "PACKETSTORM",
        "id": "170754"
      },
      {
        "db": "PACKETSTORM",
        "id": "169857"
      },
      {
        "db": "PACKETSTORM",
        "id": "171173"
      },
      {
        "db": "PACKETSTORM",
        "id": "170318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-429438",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40304",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171310",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170753",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170752",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170668",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170754",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169857",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171173",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170318",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40304",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-429438",
        "ident": null
      },
      {
        "date": "2023-03-09T15:14:10",
        "db": "PACKETSTORM",
        "id": "171310",
        "ident": null
      },
      {
        "date": "2023-01-26T15:34:56",
        "db": "PACKETSTORM",
        "id": "170753",
        "ident": null
      },
      {
        "date": "2023-01-26T15:34:49",
        "db": "PACKETSTORM",
        "id": "170752",
        "ident": null
      },
      {
        "date": "2023-01-24T16:30:22",
        "db": "PACKETSTORM",
        "id": "170668",
        "ident": null
      },
      {
        "date": "2023-01-26T15:35:03",
        "db": "PACKETSTORM",
        "id": "170754",
        "ident": null
      },
      {
        "date": "2022-11-15T16:42:23",
        "db": "PACKETSTORM",
        "id": "169857",
        "ident": null
      },
      {
        "date": "2023-02-28T17:09:39",
        "db": "PACKETSTORM",
        "id": "171173",
        "ident": null
      },
      {
        "date": "2022-12-22T02:13:22",
        "db": "PACKETSTORM",
        "id": "170318",
        "ident": null
      },
      {
        "date": "2022-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-1022",
        "ident": null
      },
      {
        "date": "2022-11-23T18:15:12.167000",
        "db": "NVD",
        "id": "CVE-2022-40304",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-429438",
        "ident": null
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-1022",
        "ident": null
      },
      {
        "date": "2025-04-28T20:15:19.607000",
        "db": "NVD",
        "id": "CVE-2022-40304",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "libxml2 Code problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-1022"
      }
    ],
    "trust": 0.6
  }
}

VAR-202205-1299

Vulnerability from variot - Updated: 2026-04-10 23:25

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. Apple tvOS is a smart TV operating system developed by Apple (Apple). tvOS 15.0 19J346 - 15.4.1 19L452 versions have a buffer error vulnerability caused by a boundary error when processing HTML content in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

iOS 15.5 and iPadOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213258.

AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher

AppleGraphicsControl Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher

DriverKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

IOKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308

Notes Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a large input may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal

Safari Private Browsing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher

Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

Shortcuts Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: An authorization issue was addressed with improved state management. CVE-2022-26703: Salman Syed (@slmnsd551)

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2015-4142: Kostya Kortchinsky of Google Security Team

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.

Wi-Fi We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.5 and iPadOS 15.5". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6 xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/ XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8 YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj +1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc 1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2 mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk= =OMfW -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes Advisory ID: RHSA-2023:0795-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:0795 Issue date: 2023-02-15 CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 CVE-2022-2601 CVE-2022-3515 CVE-2022-3775 CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 CVE-2022-32149 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 =====================================================================

Summary:

Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6

Description:

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images.

Security fixes:

CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

Bugs addressed:

Build Submariner 0.13.3 (ACM-2226)
Verify Submariner with OCP 4.12 (ACM-2435)
Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821)
Solution:

For details on how to install Submariner, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console

and

https://submariner.io/getting-started/

Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

JIRA issues fixed (https://issues.jboss.org/):

ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode"

References:

https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32149 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41974 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. Solution:

See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2142799 - Release of OpenShift Serverless Serving 1.26.0 2142801 - Release of OpenShift Serverless Eventing 1.26.0

Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

Summary:

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Description:

Service Binding manages the data plane for applications and backing services.

Security Fix(es):

golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717

Apple is aware of a report that this issue may have been actively exploited. CVE-2022-26724: Jorge A. ========================================================================== Ubuntu Security Notice USN-5457-1 June 01, 2022

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 21.10
Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description: - webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.22.04.1 libjavascriptcoregtk-4.1-0 2.36.3-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.3-0ubuntu0.22.04.1

Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.21.10.1

Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.20.04.1

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171026"
      },
      {
        "db": "PACKETSTORM",
        "id": "170206"
      },
      {
        "db": "PACKETSTORM",
        "id": "170759"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2022-26700",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-26700",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-26700",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-26700",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-3513",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. Apple tvOS is a smart TV operating system developed by Apple (Apple). tvOS 15.0 19J346 - 15.4.1 19L452 versions have a buffer error vulnerability caused by a boundary error when processing HTML content in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5\n\niOS 15.5 and iPadOS 15.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213258. \n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26702: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nDriverKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGPU Drivers\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nIOKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26771: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nNotes\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a large input may lead to a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain\nCollege Of Technology Bhopal\n\nSafari Private Browsing\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-26703: Salman Syed (@slmnsd551)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2015-4142: Kostya Kortchinsky of Google Security Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for\ntheir assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.5 and iPadOS 15.5\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p\nrhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6\nxOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt\nEoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV\nTpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/\nXWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8\nYMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj\n+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc\n1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2\nmp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT\nEwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx\nWIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=\n=OMfW\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes\nAdvisory ID:       RHSA-2023:0795-01\nProduct:           Red Hat ACM\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0795\nIssue date:        2023-02-15\nCVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 \n                   CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 \n                   CVE-2022-2601 CVE-2022-3515 CVE-2022-3775 \n                   CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 \n                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 \n                   CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 \n                   CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 \n                   CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 \n                   CVE-2022-32149 CVE-2022-35737 CVE-2022-37434 \n                   CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 \n                   CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 \n                   CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 \n=====================================================================\n\n1. Summary:\n\nSubmariner 0.13.3 packages that fix various bugs and add various\nenhancements that are now available for Red Hat Advanced Cluster Management\nfor Kubernetes version 2.6\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nThis advisory contains bug fixes and enhancements to the Submariner\ncontainer images. \n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage\ntakes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)\n\n3. Solution:\n\nFor details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console\n\nand\n\nhttps://submariner.io/getting-started/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3\nACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12\nACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster \"kube-proxy ipvs mode\"\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2021-46848\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2601\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3775\nhttps://access.redhat.com/security/cve/CVE-2022-3787\nhttps://access.redhat.com/security/cve/CVE-2022-3821\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-30698\nhttps://access.redhat.com/security/cve/CVE-2022-30699\nhttps://access.redhat.com/security/cve/CVE-2022-32149\nhttps://access.redhat.com/security/cve/CVE-2022-35737\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-41974\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-43680\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. Description:\n\nVersion 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. Solution:\n\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.11 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2142799 - Release of OpenShift Serverless Serving 1.26.0\n2142801 - Release of OpenShift Serverless Eventing 1.26.0\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing\n\n5. Summary:\n\nAn update for service-binding-operator-bundle-container and\nservice-binding-operator-container is now available for OpenShift Developer\nTools and Services for OCP 4.9. Description:\n\nService Binding manages the data plane for applications and backing\nservices. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go\nserver accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nAPPSVC-1204 - Provisioned Service discovery\nAPPSVC-1256 - CVE-2022-41717\n\n6. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-26724:  Jorge A. ==========================================================================\nUbuntu Security Notice USN-5457-1\nJune 01, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.36.3-0ubuntu0.22.04.1\n  libjavascriptcoregtk-4.1-0      2.36.3-0ubuntu0.22.04.1\n  libwebkit2gtk-4.0-37            2.36.3-0ubuntu0.22.04.1\n  libwebkit2gtk-4.1-0             2.36.3-0ubuntu0.22.04.1\n\nUbuntu 21.10:\n  libjavascriptcoregtk-4.0-18     2.36.3-0ubuntu0.21.10.1\n  libwebkit2gtk-4.0-37            2.36.3-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.36.3-0ubuntu0.20.04.1\n  libwebkit2gtk-4.0-37            2.36.3-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      },
      {
        "db": "VULHUB",
        "id": "VHN-417369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26700"
      },
      {
        "db": "PACKETSTORM",
        "id": "167185"
      },
      {
        "db": "PACKETSTORM",
        "id": "171026"
      },
      {
        "db": "PACKETSTORM",
        "id": "170206"
      },
      {
        "db": "PACKETSTORM",
        "id": "170759"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "167194"
      },
      {
        "db": "PACKETSTORM",
        "id": "167347"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-417369",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417369"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26700",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "167347",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170210",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169920",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169760",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167195",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170956",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168226",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169889",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022053015",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060123",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2410",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2860",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2707",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2970",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0818",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6290",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2692",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1467",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6434",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "171026",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167185",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167194",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167186",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170898",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167193",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-417369",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26700",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170206",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170759",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171127",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26700"
      },
      {
        "db": "PACKETSTORM",
        "id": "167185"
      },
      {
        "db": "PACKETSTORM",
        "id": "171026"
      },
      {
        "db": "PACKETSTORM",
        "id": "170206"
      },
      {
        "db": "PACKETSTORM",
        "id": "170759"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "167194"
      },
      {
        "db": "PACKETSTORM",
        "id": "167347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      }
    ]
  },
  "id": "VAR-202205-1299",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417369"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:25:25.876000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apple tvOS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193038"
      },
      {
        "title": "Apple: macOS Monterey 12.4",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
      },
      {
        "title": "Apple: iOS 15.5 and iPadOS 15.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
      },
      {
        "title": "Apple: watchOS 8.6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6bd411659b23f6a36cfd1c59cf69e092"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-26700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213254"
      },
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213260"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213253"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213257"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213258"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167347/ubuntu-security-notice-usn-5457-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2707"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-38480"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169920/red-hat-security-advisory-2022-7435-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1467"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2692"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6434"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2970"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2410"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169760/red-hat-security-advisory-2022-7704-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170210/red-hat-security-advisory-2022-8964-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38380"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051708"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167195/apple-security-advisory-2022-05-16-7.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060123"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169889/red-hat-security-advisory-2022-8054-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26700/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022053015"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2860"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0818"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170956/red-hat-security-advisory-2023-0709-01.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26738"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26702"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26737"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26745"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26757"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26739"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213257"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213258."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4142"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3821"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43680"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2601"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/getting-started/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32149"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3775"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39399"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27191"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1355"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213254."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26764"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26724"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26765"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26763"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5457-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.20.04.1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26700"
      },
      {
        "db": "PACKETSTORM",
        "id": "167185"
      },
      {
        "db": "PACKETSTORM",
        "id": "171026"
      },
      {
        "db": "PACKETSTORM",
        "id": "170206"
      },
      {
        "db": "PACKETSTORM",
        "id": "170759"
      },
      {
        "db": "PACKETSTORM",
        "id": "171127"
      },
      {
        "db": "PACKETSTORM",
        "id": "167194"
      },
      {
        "db": "PACKETSTORM",
        "id": "167347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26700"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-417369",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26700",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167185",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171026",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170206",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170759",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171127",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167194",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167347",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26700",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417369",
        "ident": null
      },
      {
        "date": "2022-05-17T16:57:57",
        "db": "PACKETSTORM",
        "id": "167185",
        "ident": null
      },
      {
        "date": "2023-02-16T15:45:25",
        "db": "PACKETSTORM",
        "id": "171026",
        "ident": null
      },
      {
        "date": "2022-12-13T17:13:48",
        "db": "PACKETSTORM",
        "id": "170206",
        "ident": null
      },
      {
        "date": "2023-01-27T15:03:38",
        "db": "PACKETSTORM",
        "id": "170759",
        "ident": null
      },
      {
        "date": "2023-02-27T14:51:11",
        "db": "PACKETSTORM",
        "id": "171127",
        "ident": null
      },
      {
        "date": "2022-05-17T17:06:48",
        "db": "PACKETSTORM",
        "id": "167194",
        "ident": null
      },
      {
        "date": "2022-06-01T17:37:25",
        "db": "PACKETSTORM",
        "id": "167347",
        "ident": null
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3513",
        "ident": null
      },
      {
        "date": "2022-09-23T19:15:11.357000",
        "db": "NVD",
        "id": "CVE-2022-26700",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417369",
        "ident": null
      },
      {
        "date": "2023-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3513",
        "ident": null
      },
      {
        "date": "2025-05-22T19:15:29.500000",
        "db": "NVD",
        "id": "CVE-2022-26700",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "Apple tvOS Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3513"
      }
    ],
    "trust": 0.6
  }
}

VAR-202206-1961

Vulnerability from variot - Updated: 2026-04-10 23:24

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6159-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: HTTP compression denial of service (CVE-2022-32206)
curl: FTP-KRB bad message verification (CVE-2022-32208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: curl-7.61.1-22.el8_6.4.src.rpm

aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm

ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm

s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm

x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+ YgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg EiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB dQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN blR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau 5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k nJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+ XPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd VaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas ML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw owX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF bBkTeh+fqsg=powM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security fix:

CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Bug fixes:

Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
RHACM 2.3.12 images (BZ# 2101411)
Bugs fixed (https://bugzilla.redhat.com/):

2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

Bugs fixed (https://bugzilla.redhat.com/):

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Security fixes:

moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
managed cluster is in "unknown" state for 120 mins after OADP restore
RHACM 2.5.2 images (BZ# 2104553)
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
cluster uninstall log points to incorrect container name (BZ# 2107359)
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
Single node checkbox not visible for 4.11 images (BZ# 2109134)
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
Bugs fixed (https://bugzilla.redhat.com/):

2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.16.4"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-32208",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-32208",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-424135",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-32208",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-424135",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6159-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6159\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+\nYgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg\nEiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB\ndQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN\nblR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau\n5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k\nnJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+\nXPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd\nVaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas\nML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw\nowX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF\nbBkTeh+fqsg=powM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208",
        "trust": 1.9
      },
      {
        "db": "HACKERONE",
        "id": "1590071",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168158",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167661",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168301",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "id": "VAR-202206-1961",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:24:46.149000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Ubuntu Security Notice: USN-5499-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5499-1"
      },
      {
        "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32208"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-840",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.1,
        "url": "https://hackerone.com/reports/1590071"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21123"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21166"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21125"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5499-1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6159"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6560"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6507"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168158",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168213",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "date": "2022-08-25T15:25:12",
        "db": "PACKETSTORM",
        "id": "168158",
        "ident": null
      },
      {
        "date": "2022-09-01T16:30:25",
        "db": "PACKETSTORM",
        "id": "168213",
        "ident": null
      },
      {
        "date": "2023-01-26T15:29:09",
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "date": "2022-09-07T17:09:04",
        "db": "PACKETSTORM",
        "id": "168289",
        "ident": null
      },
      {
        "date": "2022-09-26T15:37:32",
        "db": "PACKETSTORM",
        "id": "168503",
        "ident": null
      },
      {
        "date": "2022-09-14T15:08:07",
        "db": "PACKETSTORM",
        "id": "168378",
        "ident": null
      },
      {
        "date": "2022-07-07T13:15:08.467000",
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "date": "2025-05-05T17:18:13.390000",
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2022-6159-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "arbitrary, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170303"
      }
    ],
    "trust": 0.1
  }
}

VAR-202201-0355

Vulnerability from variot - Updated: 2026-04-10 23:24

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Summary:

The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es) from Bugzilla:

golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)
golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)
golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Bugs fixed (https://bugzilla.redhat.com/):

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes Advisory ID: RHSA-2022:1476-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1476 Issue date: 2022-04-20 CVE Names: CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-27191 =====================================================================

Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security updates:

golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
nodejs-shelljs: improper privilege management (CVE-2022-0144)
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

Related bugs:

RHACM 2.4.3 image files (BZ #2057249)
Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)
ACM application placement fails after renaming the application name (BZ

2033051)

Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

2048500)

clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
Application cluster status is not updated in UI after restoring (BZ

2053279)

OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
Subscriptions stop reconciling after channel secrets are recreated (BZ

2059954)

Placementrule is not reconciling on a new fresh environment (BZ #2074156)
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing

Bugs fixed (https://bugzilla.redhat.com/):

2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.

Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki

Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)

Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)

AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher

AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.

AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)

Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher

Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022

AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.

Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher

CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)

ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC

Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike

curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208

Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.

DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)

DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)

Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher

FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022

Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)

Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD

GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)

Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)

Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022

Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622

Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)

IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022

Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security

Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com

MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher

Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022

ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537

ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458

Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure

Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer

PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022

Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)

Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania

Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital

Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)

SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger

Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro

SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690

Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126

Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022

WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative

WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab

zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022

Additional recognition

Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.

FaceTime We would like to acknowledge an anonymous researcher for their assistance.

FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.

Find My We would like to acknowledge an anonymous researcher for their assistance.

Identity Services We would like to acknowledge Joshua Jones for their assistance.

IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.

Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.

Mail We would like to acknowledge an anonymous researcher for their assistance.

Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.

Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.

Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.

Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.

System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.

UIKit We would like to acknowledge Aleczander Ewing for their assistance.

WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.

WebRTC We would like to acknowledge an anonymous researcher for their assistance.

macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----

. Apple is aware of a report that this issue may have been actively exploited. ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023

vim vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Vim.

Software Description: - vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166)

It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)

It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)

It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)

It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)

It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)

It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7

Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14

Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13

Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "vim",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vim",
        "version": "8.2.4214"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166812"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-0359",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-0359",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-413342",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-0359",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security@huntr.dev",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-0359",
            "impactScore": 3.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-0359",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security@huntr.dev",
            "id": "CVE-2022-0359",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-2455",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-413342",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes\nAdvisory ID:       RHSA-2022:1476-01\nProduct:           Red Hat ACM\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1476\nIssue date:        2022-04-20\nCVE Names:         CVE-2021-0920 CVE-2021-3999 CVE-2021-4154 \n                   CVE-2021-23177 CVE-2021-23566 CVE-2021-31566 \n                   CVE-2021-41190 CVE-2021-43565 CVE-2021-45960 \n                   CVE-2021-46143 CVE-2022-0144 CVE-2022-0155 \n                   CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 \n                   CVE-2022-0330 CVE-2022-0359 CVE-2022-0361 \n                   CVE-2022-0392 CVE-2022-0413 CVE-2022-0435 \n                   CVE-2022-0492 CVE-2022-0516 CVE-2022-0536 \n                   CVE-2022-0778 CVE-2022-0811 CVE-2022-0847 \n                   CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 \n                   CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 \n                   CVE-2022-22942 CVE-2022-23218 CVE-2022-23219 \n                   CVE-2022-23308 CVE-2022-23852 CVE-2022-24450 \n                   CVE-2022-24778 CVE-2022-25235 CVE-2022-25236 \n                   CVE-2022-25315 CVE-2022-27191 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 General\nAvailability release images. This update provides security fixes, bug\nfixes, and updates the container images. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE links in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous\nerrata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An      \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  vim                             2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n  vim                             2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n  vim                             2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n  vim                             2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166812"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "167368"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      }
    ],
    "trust": 1.62
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-413342",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-0359",
        "trust": 2.4
      },
      {
        "db": "PACKETSTORM",
        "id": "166976",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169576",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167368",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166433",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166323",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166516",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166812",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1263",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3002",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0019",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1677",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1056",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031527",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060217",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032843",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072710",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032446",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062022",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022061208",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022220",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166431",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169561",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169551",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-413342",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166812"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "167368"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      }
    ]
  },
  "id": "VAR-202201-0355",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:24:03.064000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "vim Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183808"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-122",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213444"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.7,
        "url": "https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/43"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202208-32"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167368/ubuntu-security-notice-usn-5458-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031527"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-github-repository-37405"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032446"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-25236"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0318"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22825"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23308"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22827"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22823"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3999"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-46143"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23218"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0359"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-25235"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22824"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0413"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0361"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0261"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0392"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22826"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22822"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23852"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23219"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-25315"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-45960"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0778"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4028"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27191"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1476"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24778"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0144"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213488."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213444."
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5458-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6026-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413342"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166812"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "167368"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-413342",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166976",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166431",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166812",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169561",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169576",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167368",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "171934",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0359",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413342",
        "ident": null
      },
      {
        "date": "2022-05-05T17:35:22",
        "db": "PACKETSTORM",
        "id": "166976",
        "ident": null
      },
      {
        "date": "2022-03-24T14:34:35",
        "db": "PACKETSTORM",
        "id": "166431",
        "ident": null
      },
      {
        "date": "2022-04-21T15:12:25",
        "db": "PACKETSTORM",
        "id": "166812",
        "ident": null
      },
      {
        "date": "2022-10-31T14:22:32",
        "db": "PACKETSTORM",
        "id": "169561",
        "ident": null
      },
      {
        "date": "2022-10-31T14:42:57",
        "db": "PACKETSTORM",
        "id": "169576",
        "ident": null
      },
      {
        "date": "2022-06-02T17:08:47",
        "db": "PACKETSTORM",
        "id": "167368",
        "ident": null
      },
      {
        "date": "2023-04-19T13:03:56",
        "db": "PACKETSTORM",
        "id": "171934",
        "ident": null
      },
      {
        "date": "2022-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2455",
        "ident": null
      },
      {
        "date": "2022-01-26T12:15:08.030000",
        "db": "NVD",
        "id": "CVE-2022-0359",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413342",
        "ident": null
      },
      {
        "date": "2023-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2455",
        "ident": null
      },
      {
        "date": "2025-11-03T21:15:48.630000",
        "db": "NVD",
        "id": "CVE-2022-0359",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "vim Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2455"
      }
    ],
    "trust": 0.6
  }
}

VAR-201806-1469

Vulnerability from variot - Updated: 2026-04-10 23:20

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. CVE-2018-4196: G. CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team

Grand Central Dispatch Available for: macOS High Sierra 10.13.4 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An issue existed in parsing entitlement plists. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes. CVE-2018-4226: Abraham Masri (@cheesecakeufo)

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 11.4".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.5"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.5   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (ipad air or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (iphone 5s or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (ipod touch first  6 generation )"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7.5   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3.1   (apple watch all models )"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.4.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.7.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.1"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ipad air",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:icloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-4225",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-4225",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-134256",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-4225",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4225",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4225",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-608",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134256",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4225",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the \"Security\" component. It allows local users to bypass intended restrictions on Keychain state modifications. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. \nCVE-2018-4196: G. \nCVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team\n\napache_mod_php\nAvailable for: macOS High Sierra 10.13.4\nImpact: Issues in php were addressed in this update\nDescription: This issue was addressed by updating to php version\n7.1.16. \nCVE-2018-4219: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\nImpact: A malicious application may be able to determine kernel\nmemory layout. \nDescription: An information disclosure issue existed in device\nproperties. \nCVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team\n\nBluetooth\nAvailable for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro\n(Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015),\nMacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016),\nMacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports),\nMacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports),\nMacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports),\nMacBook (Retina, 12-inch, Early 2016), MacBook\n(Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017),\niMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac\n(Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015),\niMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and\niMac (21.5-inch, 2017)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\nGrand Central Dispatch\nAvailable for: macOS High Sierra 10.13.4\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An issue existed in parsing entitlement plists. The issue appears to be from an undocumented\nside effect of the instructions. An attacker might utilize this\nexception handling to gain access to Ring 0 and access sensitive\nmemory or control operating system processes. \nCVE-2018-4226: Abraham Masri (@cheesecakeufo)\n\nSpeech\nAvailable for: macOS High Sierra 10.13.4\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A sandbox issue existed in the handling of microphone\naccess. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-23-3 Additional information for\nAPPLE-SA-2018-06-01-4 iOS 11.4\n\niOS 11.4 addresses the following:\n\nBluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4215: Abraham Masri (@cheesecakeufo)\n\nBluetooth\nAvailable for: iPhone X, iPhone 8, iPhone 8 Plus,\niPad 6th generation, and iPad Air 2\nNot impacted: HomePod\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\nEntry added July 23, 2018\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted vcf file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of phone\nnumbers. This issue was addressed with improved validation of phone\nnumbers. \nCVE-2018-4100: Abraham Masri (@cheesecakeufo)\n\nFontParser\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\niBooks\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in iBooks\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4202: Jerry Decime\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2018-4241: Ian Beer of Google Project Zero\nCVE-2018-4243: Ian Beer of Google Project Zero\n\nlibxpc\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nMagnifier\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nview the last image used in Magnifier from the lockscreen\nDescription: A permissions issue existed in Magnifier.  This was\naddressed with additional permission checks. \nCVE-2018-4239: an anonymous researcher\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker may be able to exfiltrate the contents of\nS/MIME-encrypted e-mail\nDescription: An issue existed in the handling of encrypted Mail. This\nissue was addressed with improved isolation of MIME in Mail. \nCVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to conduct impersonation attacks\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2018-4235: Anurodh Pokharel of Salesforce.com\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: This issue was addressed with improved message\nvalidation. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd\nCVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise\nSolutions\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent account\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4223: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Users may be tracked by malicious websites using client\ncertificates\nDescription: An issue existed in the handling of S-MIME\ncertificaties. This issue was addressed with improved validation of\nS-MIME certificates. \nCVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent device\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4224: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify the state of the Keychain\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4225: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to view sensitive user information\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4226: Abraham Masri (@cheesecakeufo)\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nenable Siri from the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can\nBIKMAZ (@CanBkmaz) of Mustafa Kemal University\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nuse Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)\n\nSiri Contacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4244: an anonymous researcher\n\nUIKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of text. This\nissue was addressed with improved validation of text. \nCVE-2018-4198: Hunter Byrnes\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4201: an anonymous researcher\nCVE-2018-4218: Natalie Silvanovich of Google Project Zero\nCVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils\nof MWR Labs working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2018-4232: an anonymous researcher, Aymeric Chaib\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A race condition was addressed with improved locking. \nCVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat\nof Ret2 Systems, Inc working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4214: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2018-4246: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: Credentials were unexpectedly sent when fetching CSS\nmask images. This was addressed by using a CORS-enabled fetch method. \nCVE-2018-4190: Jun Kokatsu (@shhnjk)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4222: Natalie Silvanovich of Google Project Zero\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 11.4\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ\niCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG\nXow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m\nWmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq\nGN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA\n/RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr\nKeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU\nHsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G\nwNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq\nS6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb\ngC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD\nde6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE=\n=nII0\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "BID",
        "id": "104889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4225",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "104889",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1041027",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98864649",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134256",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148642",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148643",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148028",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148015",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225"
      },
      {
        "db": "BID",
        "id": "104889"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      }
    ]
  },
  "id": "VAR-201806-1469",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:20:47.406000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT208853",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208853"
      },
      {
        "title": "HT208848",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208848"
      },
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208849"
      },
      {
        "title": "HT208851",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208851"
      },
      {
        "title": "HT208852",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208852"
      },
      {
        "title": "HT208848",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208848"
      },
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208849"
      },
      {
        "title": "HT208851",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208851"
      },
      {
        "title": "HT208852",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208852"
      },
      {
        "title": "HT208853",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208853"
      },
      {
        "title": "Multiple Apple product Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80802"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/104889"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208848"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208849"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208851"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208852"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208853"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041027"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4225"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98864649/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
      },
      {
        "trust": 0.6,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00009.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00010.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00012.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4202"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4221"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4227"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4219"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4184"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4230"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4141"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4228"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4229"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4234"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4159"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4236"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4242"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4171"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4188"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2018/jul/83"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4215"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4100"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4239"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134256"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225"
      },
      {
        "db": "BID",
        "id": "104889"
      },
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134256",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4225",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104889",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148642",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148643",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148028",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148026",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148015",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4225",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134256",
        "ident": null
      },
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4225",
        "ident": null
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "BID",
        "id": "104889",
        "ident": null
      },
      {
        "date": "2018-07-23T13:02:22",
        "db": "PACKETSTORM",
        "id": "148642",
        "ident": null
      },
      {
        "date": "2018-07-23T14:44:44",
        "db": "PACKETSTORM",
        "id": "148643",
        "ident": null
      },
      {
        "date": "2018-07-23T15:22:22",
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "date": "2018-06-04T16:10:27",
        "db": "PACKETSTORM",
        "id": "148028",
        "ident": null
      },
      {
        "date": "2018-06-04T16:09:27",
        "db": "PACKETSTORM",
        "id": "148026",
        "ident": null
      },
      {
        "date": "2018-06-01T18:32:22",
        "db": "PACKETSTORM",
        "id": "148015",
        "ident": null
      },
      {
        "date": "2018-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-608",
        "ident": null
      },
      {
        "date": "2018-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005535",
        "ident": null
      },
      {
        "date": "2018-06-08T18:29:01.697000",
        "db": "NVD",
        "id": "CVE-2018-4225",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134256",
        "ident": null
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4225",
        "ident": null
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "BID",
        "id": "104889",
        "ident": null
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-608",
        "ident": null
      },
      {
        "date": "2018-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005535",
        "ident": null
      },
      {
        "date": "2024-11-21T04:07:00.490000",
        "db": "NVD",
        "id": "CVE-2018-4225",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-608"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "plural  Apple Vulnerability that circumvents restrictions on keychain state changes in product security components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005535"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148642"
      },
      {
        "db": "PACKETSTORM",
        "id": "148643"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148015"
      }
    ],
    "trust": 0.6
  }
}

VAR-201806-1468

Vulnerability from variot - Updated: 2026-04-10 23:19

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes are prone to a local authorization-bypass vulnerability. A local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 11.4".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1ApHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHObHBAA jBRwdrK3Eks7V798k16MQFOvlqkofZWO3D+Qxb5OSzxixGy0r/vml78tnerJ546C p9UrL/1IxH1PERiWevubg6nbWFstBrOhY0FWLiope9oLAMB92iMM/7a+O/6EHjOc 9p6Y/Bud0OwFHEoJmN4HLGMUubm1uTAdalXSmfanxuFvjpxAeczYvW/+wAblOnHr KfclXy68dfUlW0NMP0kbQwnk1lVrb8QKEeayYli19c8zSVC38eYyKYZwhRC37yWT ViBRSz9zVvgJQKX4JgjV6cRO3uIFZX+sksr6VdMM0nHjsTUT6Mc+IAe9Is3YlJCO x0H8+WeloeKrwNDs60Grz7tRNVpevIlInLEQJkuoOD3niWqzt0Q40IzCNlgd8FBv ZB5iencgWy/ObRJSgoOq29EIlt+KEb9nSJx3h6kByo0ZxYhSVrDm44cHzCF0+/zN vY4XR3hJpc1S3ySiSkWHIhqjPAEP7cb/D7Az/5SGgle8cklem5haOdzAkeOHnzim laKEg+F3vue6W+n9iv0x0byVBhC5Xr1iNuRh7+uor5TIVPR2s4moWOWvyTruG2Kk RLlL700y2OZl/04nTgxxShCwLygXiKd07nuFIh4fKiMcGw31HKx1Choof6sPHqzo Grg2dx9YQXTCTIsdDNG581MIwzVvJPLSM5OeNsHQEd0= =7ZCv -----END PGP SIGNATURE----- .

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.5"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.5.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.5.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.5.2"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.5   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (ipad air or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (iphone 5s or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (ipod touch first  6 generation )"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7.5   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (apple tv 4k)"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4   (apple tv first  4 generation )"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3.1   (apple watch all models )"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.5.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.7.1"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.6"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.5"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "security update sierra",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2018-0030"
      },
      {
        "_id": null,
        "model": "security update el capitan",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2018-0030"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:icloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148644"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148027"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-4224",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-4224",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-134255",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-4224",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4224",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4224",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-609",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134255",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4224",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Security\" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes are prone to a local authorization-bypass vulnerability. \nA local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-06-01-4 iOS 11.4\n\niOS 11.4 addresses the following:\n\nBluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4215: Abraham Masri (@cheesecakeufo)\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted vcf file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of phone\nnumbers. This issue was addressed with improved validation of phone\nnumbers. \nCVE-2018-4100: Abraham Masri (@cheesecakeufo)\n\nFontParser\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\niBooks\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in iBooks\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4202: Jerry Decime\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2018-4241: Ian Beer of Google Project Zero\nCVE-2018-4243: Ian Beer of Google Project Zero\n\nlibxpc\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nMagnifier\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nview the last image used in Magnifier from the lockscreen\nDescription: A permissions issue existed in Magnifier.  This was\naddressed with additional permission checks. \nCVE-2018-4239: an anonymous researcher\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker may be able to exfiltrate the contents of\nS/MIME-encrypted e-mail\nDescription: An issue existed in the handling of encrypted Mail. This\nissue was addressed with improved isolation of MIME in Mail. \nCVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to conduct impersonation attacks\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2018-4235: Anurodh Pokharel of Salesforce.com\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: This issue was addressed with improved message\nvalidation. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd\nCVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise\nSolutions\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent account\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4223: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Users may be tracked by malicious websites using client\ncertificates\nDescription: An issue existed in the handling of S-MIME\ncertificaties. This issue was addressed with improved validation of\nS-MIME certificates. \nCVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied\nSciences, Christian Dresen of MA1/4nster University of Applied Sciences,\nJens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster\nUniversity of Applied Sciences, Sebastian Schinzel of MA1/4nster\nUniversity of Applied Sciences, Simon Friedberger of KU Leuven, Juraj\nSomorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University\nBochum\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to read a persistent device\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4224: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify the state of the Keychain\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4225: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to view sensitive user information\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4226: Abraham Masri (@cheesecakeufo)\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nenable Siri from the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can\nBIKMAZ (@CanBkmaz) of Mustafa Kemal University\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nuse Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)\n\nSiri Contacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2018-4244: an anonymous researcher\n\nUIKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of text. This\nissue was addressed with improved validation of text. \nCVE-2018-4198: Hunter Byrnes\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4201: an anonymous researcher\nCVE-2018-4218: Natalie Silvanovich of Google Project Zero\nCVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils\nof MWR Labs working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2018-4232: an anonymous researcher, Aymeric Chaib\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A race condition was addressed with improved locking. \nCVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat\nof Ret2 Systems, Inc working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4214: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2018-4246: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: Credentials were unexpectedly sent when fetching CSS\nmask images. This was addressed by using a CORS-enabled fetch method. \nCVE-2018-4190: Jun Kokatsu (@shhnjk)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4222: Natalie Silvanovich of Google Project Zero\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 11.4\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1ApHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHObHBAA\njBRwdrK3Eks7V798k16MQFOvlqkofZWO3D+Qxb5OSzxixGy0r/vml78tnerJ546C\np9UrL/1IxH1PERiWevubg6nbWFstBrOhY0FWLiope9oLAMB92iMM/7a+O/6EHjOc\n9p6Y/Bud0OwFHEoJmN4HLGMUubm1uTAdalXSmfanxuFvjpxAeczYvW/+wAblOnHr\nKfclXy68dfUlW0NMP0kbQwnk1lVrb8QKEeayYli19c8zSVC38eYyKYZwhRC37yWT\nViBRSz9zVvgJQKX4JgjV6cRO3uIFZX+sksr6VdMM0nHjsTUT6Mc+IAe9Is3YlJCO\nx0H8+WeloeKrwNDs60Grz7tRNVpevIlInLEQJkuoOD3niWqzt0Q40IzCNlgd8FBv\nZB5iencgWy/ObRJSgoOq29EIlt+KEb9nSJx3h6kByo0ZxYhSVrDm44cHzCF0+/zN\nvY4XR3hJpc1S3ySiSkWHIhqjPAEP7cb/D7Az/5SGgle8cklem5haOdzAkeOHnzim\nlaKEg+F3vue6W+n9iv0x0byVBhC5Xr1iNuRh7+uor5TIVPR2s4moWOWvyTruG2Kk\nRLlL700y2OZl/04nTgxxShCwLygXiKd07nuFIh4fKiMcGw31HKx1Choof6sPHqzo\nGrg2dx9YQXTCTIsdDNG581MIwzVvJPLSM5OeNsHQEd0=\n=7ZCv\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "BID",
        "id": "104378"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148644"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148027"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4224",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "104378",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1041027",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98864649",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134255",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148644",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148028",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148018",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148027",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224"
      },
      {
        "db": "BID",
        "id": "104378"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148644"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      }
    ]
  },
  "id": "VAR-201806-1468",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:19:04.159000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT208852",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208852"
      },
      {
        "title": "HT208853",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208853"
      },
      {
        "title": "HT208848",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208848"
      },
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208849"
      },
      {
        "title": "HT208850",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208850"
      },
      {
        "title": "HT208851",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208851"
      },
      {
        "title": "HT208848",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208848"
      },
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208849"
      },
      {
        "title": "HT208850",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208850"
      },
      {
        "title": "HT208851",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208851"
      },
      {
        "title": "HT208852",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208852"
      },
      {
        "title": "HT208853",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208853"
      },
      {
        "title": "Multiple Apple product Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80803"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/104378"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208848"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208849"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208850"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208851"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208852"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208853"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041027"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4224"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98864649/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4188"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00000.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00002.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00004.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00003.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2018/jun/msg00006.html"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2018/jul/83"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4215"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4100"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4239"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224"
      },
      {
        "db": "BID",
        "id": "104378"
      },
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148644"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134255",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4224",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104378",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148017",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148644",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148028",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148018",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148026",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "148027",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4224",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134255",
        "ident": null
      },
      {
        "date": "2018-06-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4224",
        "ident": null
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "BID",
        "id": "104378",
        "ident": null
      },
      {
        "date": "2018-06-04T15:58:18",
        "db": "PACKETSTORM",
        "id": "148017",
        "ident": null
      },
      {
        "date": "2018-07-23T15:22:22",
        "db": "PACKETSTORM",
        "id": "148645",
        "ident": null
      },
      {
        "date": "2018-07-23T14:04:44",
        "db": "PACKETSTORM",
        "id": "148644",
        "ident": null
      },
      {
        "date": "2018-06-04T16:10:27",
        "db": "PACKETSTORM",
        "id": "148028",
        "ident": null
      },
      {
        "date": "2018-06-04T15:58:45",
        "db": "PACKETSTORM",
        "id": "148018",
        "ident": null
      },
      {
        "date": "2018-06-04T16:09:27",
        "db": "PACKETSTORM",
        "id": "148026",
        "ident": null
      },
      {
        "date": "2018-06-04T16:10:01",
        "db": "PACKETSTORM",
        "id": "148027",
        "ident": null
      },
      {
        "date": "2018-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-609",
        "ident": null
      },
      {
        "date": "2018-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005534",
        "ident": null
      },
      {
        "date": "2018-06-08T18:29:01.617000",
        "db": "NVD",
        "id": "CVE-2018-4224",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-07-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134255",
        "ident": null
      },
      {
        "date": "2018-07-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4224",
        "ident": null
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "BID",
        "id": "104378",
        "ident": null
      },
      {
        "date": "2018-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-609",
        "ident": null
      },
      {
        "date": "2018-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005534",
        "ident": null
      },
      {
        "date": "2024-11-21T04:07:00.360000",
        "db": "NVD",
        "id": "CVE-2018-4224",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-609"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "plural  Apple Vulnerability that circumvents restrictions on reading device identifiers in product security components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005534"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148017"
      },
      {
        "db": "PACKETSTORM",
        "id": "148645"
      },
      {
        "db": "PACKETSTORM",
        "id": "148644"
      },
      {
        "db": "PACKETSTORM",
        "id": "148028"
      },
      {
        "db": "PACKETSTORM",
        "id": "148018"
      },
      {
        "db": "PACKETSTORM",
        "id": "148026"
      },
      {
        "db": "PACKETSTORM",
        "id": "148027"
      }
    ],
    "trust": 0.7
  }
}

VAR-202108-2072

Vulnerability from variot - Updated: 2026-04-10 23:18

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , Apple Mac OS X Race condition vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About". Information about the security content is also available at https://support.apple.com/HT212804.

CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab

CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021

curl Available for: macOS Big Sur Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021

CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021

FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021

Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. Entry added September 20, 2021

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30859: Apple Entry added September 20, 2021

libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021

Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021

Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021

SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher

Additional recognition

APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021

App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021

CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021

CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021

Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021

smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----

. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164692"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-30857",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2021-30857",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-390590",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2021-30857",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30857",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30857",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30857",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-1953",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390590",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , Apple Mac OS X Race condition vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \nInformation about the security content is also available at\nhttps://support.apple.com/HT212804. \n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution. Apple is aware of a report that this issue may have\nbeen actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Big Sur\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nEntry added September 20, 2021\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30857"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164692"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30857",
        "trust": 4.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164692",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092024",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3155",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3578",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390590",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30857",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164234",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30857"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164692"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      }
    ]
  },
  "id": "VAR-202108-2072",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:18:05.484000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT212815 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT212804"
      },
      {
        "title": "Apple tvOS Repair measures for the competition condition problem loophole",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168172"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.1
      },
      {
        "problemtype": "Race condition (CWE-362) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht212815"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212804"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212805"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212807"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212814"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212819"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3155"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092024"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30854"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30837"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30810"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30852"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30808"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212815."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30866"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30814"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212819."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212805."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212804."
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212807."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390590"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30857"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164692"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390590",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30857",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164692",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164234",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30857",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390590",
        "ident": null
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30857",
        "ident": null
      },
      {
        "date": "2021-10-28T14:58:57",
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "date": "2021-10-28T14:58:43",
        "db": "PACKETSTORM",
        "id": "164692",
        "ident": null
      },
      {
        "date": "2021-09-22T16:35:10",
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "date": "2021-09-22T16:33:18",
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "date": "2021-09-22T16:30:10",
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "date": "2021-09-22T16:24:22",
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "date": "2021-09-22T16:22:32",
        "db": "PACKETSTORM",
        "id": "164234",
        "ident": null
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-1953",
        "ident": null
      },
      {
        "date": "2024-07-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-021196",
        "ident": null
      },
      {
        "date": "2021-08-24T19:15:14.167000",
        "db": "NVD",
        "id": "CVE-2021-30857",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390590",
        "ident": null
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30857",
        "ident": null
      },
      {
        "date": "2021-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-1953",
        "ident": null
      },
      {
        "date": "2024-07-18T06:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-021196",
        "ident": null
      },
      {
        "date": "2023-11-07T03:33:33.470000",
        "db": "NVD",
        "id": "CVE-2021-30857",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Race condition vulnerability in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021196"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1953"
      }
    ],
    "trust": 0.6
  }
}

VAR-201903-0442

Vulnerability from variot - Updated: 2026-04-10 23:18

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of regular expressions. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to multiple memory-corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10.

Installation note:

Safari 12.0.3 may be obtained from the Mac App Store.

Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-12

                                       https://security.gentoo.org/

Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 14, 2019 Bugs: #672108, #674702, #678334 ID: 201903-12

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"

References

[ 1 ] CVE-2019-6212 https://nvd.nist.gov/vuln/detail/CVE-2019-6212 [ 2 ] CVE-2019-6215 https://nvd.nist.gov/vuln/detail/CVE-2019-6215 [ 3 ] CVE-2019-6216 https://nvd.nist.gov/vuln/detail/CVE-2019-6216 [ 4 ] CVE-2019-6217 https://nvd.nist.gov/vuln/detail/CVE-2019-6217 [ 5 ] CVE-2019-6226 https://nvd.nist.gov/vuln/detail/CVE-2019-6226 [ 6 ] CVE-2019-6227 https://nvd.nist.gov/vuln/detail/CVE-2019-6227 [ 7 ] CVE-2019-6229 https://nvd.nist.gov/vuln/detail/CVE-2019-6229 [ 8 ] CVE-2019-6233 https://nvd.nist.gov/vuln/detail/CVE-2019-6233 [ 9 ] CVE-2019-6234 https://nvd.nist.gov/vuln/detail/CVE-2019-6234

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-12

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-1-22-1 iOS 12.1.3

iOS 12.1.3 is now available and addresses the following:

AppleKeyStore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-6235: Brandon Azad

Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-6200: an anonymous researcher

Core Media Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6202: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day Initiative

CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team

CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team

FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-6224: Natalie Silvanovich of Google Project Zero

IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6214: Ian Beer of Google Project Zero

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved validation. CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6210: Ned Williamson of Google

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking. CVE-2019-6205: Ian Beer of Google Project Zero

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6209: Brandon Azad of Google Project Zero

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6208: Jann Horn of Google Project Zero

Keyboard Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Password autofill may fill in passwords after they were manually cleared Description: An issue existed with autofill resuming after it was canceled. CVE-2019-6206: Sergey Pershenkov

libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6218: Ian Beer of Google Project Zero

Natural Language Processing Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2019-6219: Authier Thomas

Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2019-6228: Ryan Pickren (ryanpickren.com)

SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-20346: Tencent Blade Team CVE-2018-20505: Tencent Blade Team CVE-2018-20506: Tencent Blade Team

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6229: Ryan Pickren (ryanpickren.com)

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple

WebRTC Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s), and Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with Trend Micro's Zero Day Initiative

Additional recognition

mDNSResponder We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance.

Safari Reader We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.

WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 12.1.3".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSwpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GA0RAA l3Yft6CRTyGtLyqIanBFP4sMtaxlIP44Y0+gPIf59DhZ7bzuy3s+cjnUJAxrqBC+ NAqrNur5x8OVBIS7T65njvccD7e7uGWBZfeEbMdplT5aK3AvRuW7MyXEo3nZu3dx gMRsubjQmwOnMB3Taxj0a6y2jvLU9DA7IfVyKb7ReCz3wv5KPb4BxLvbHwaMrbsJ SBETrGYMn4awTSmUs/IQTDECOzRLyicQnY44afDL/K9n/oB59VQm5ZUPDj9ofeQN UQsD7XVH19eI99N+uNQ+07GCqQ6++qe+kGVi2RR7HERt3wd4mnV895f6UvhlUjlU K1tY68ZuDNPZ54GJfniFI0OCYfcd5rYsPTnOt11heFnWfG+nnm2r+3BEh60RW5lW ONeyQ3ScubgMV2Teo3G0tWf9BGvKAI+qXbFuzkAMAucB+f7Oj06WDGhYPEAQZ8KR xLSb6nyfihQA6Bz4KbfppKC7I2GuyF6rl5iz+VBPHId7yaF0jxjEiJEF7RbLhbeg k7x8vJrKLR7hAs4AWCq69ZQ6VvmKLdgSNNCcbJIQNPCYtGabOP7xl4piDw4b46wq /LR6UNrYdf/U3hljPfKIBn+0e1EITcKHfUu85MyHftanF1JFYNp03eFJT5ouyMRt LD5C8YOX6VcEwCQqUpKmJD9wWwUehRhEiEffGkR+xSY=Jb8S -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.1.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.3"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.10"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.9.3"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.1.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      },
      {
        "_id": null,
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "_id": null,
        "model": "macos security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.1.3"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.14.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.1.2"
      },
      {
        "_id": null,
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.3"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.10"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "BID",
        "id": "106699"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "flouroacetate",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-6217",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-6217",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-157652",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6217",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6217",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2019-6217",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-806",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157652",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6217",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of regular expressions. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to multiple memory-corruption vulnerabilities.  Failed  exploit  attempts may result in a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10. \n\nInstallation note:\n\nSafari 12.0.3 may be obtained from the Mac App Store. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: WebkitGTK+: Multiple vulnerabilities\n     Date: March 14, 2019\n     Bugs: #672108, #674702, #678334\n       ID: 201903-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk          \u003c 2.22.6                  \u003e= 2.22.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.22.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-6212\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6212\n[ 2 ] CVE-2019-6215\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6215\n[ 3 ] CVE-2019-6216\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6216\n[ 4 ] CVE-2019-6217\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6217\n[ 5 ] CVE-2019-6226\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6226\n[ 6 ] CVE-2019-6227\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6227\n[ 7 ] CVE-2019-6229\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6229\n[ 8 ] CVE-2019-6233\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6233\n[ 9 ] CVE-2019-6234\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6234\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-1-22-1 iOS 12.1.3\n\niOS 12.1.3 is now available and addresses the following:\n\nAppleKeyStore\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6235: Brandon Azad\n\nBluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-6200: an anonymous researcher\n\nCore Media\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6202: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-6221: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreAnimation\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team\n\nCoreAnimation\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan\nTeam\n\nFaceTime\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A remote attacker may be able to initiate a FaceTime call\ncausing arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-6224: Natalie Silvanovich of Google Project Zero\n\nIOKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-6214: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of\nQihoo 360 Vulcan Team\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6210: Ned Williamson of Google\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory corruption issue was addressed with improved\nlock state checking. \nCVE-2019-6205: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6213: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6209: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-6208: Jann Horn of Google Project Zero\n\nKeyboard\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Password autofill may fill in passwords after they were\nmanually cleared\nDescription: An issue existed with autofill resuming after it was\ncanceled. \nCVE-2019-6206: Sergey Pershenkov\n\nlibxpc\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6218: Ian Beer of Google Project Zero\n\nNatural Language Processing\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-6219: Authier Thomas\n\nSafari Reader\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: A cross-site scripting issue existed in Safari. This\nissue was addressed with improved URL validation. \nCVE-2019-6228: Ryan Pickren (ryanpickren.com)\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-20346: Tencent Blade Team\nCVE-2018-20505: Tencent Blade Team\nCVE-2018-20506: Tencent Blade Team\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team\nCVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-6229: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-6215: Lokihardt of Google Project Zero\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia\nTech\nCVE-2019-6216: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-6217: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan\nTeam\nCVE-2019-6226: Apple\n\nWebRTC\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s),\nand Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with\nTrend Micro\u0027s Zero Day Initiative\n\nAdditional recognition\n\nmDNSResponder\nWe would like to acknowledge Fatemah Alharbi of University of\nCalifornia, Riverside (UCR) and Taibah University (TU), Feng Qian of\nUniversity of Minnesota - Twin City, Jie Chang of LinkSure Network,\nNael Abu-Ghazaleh of University of California, Riverside (UCR),\nYuchen Zhou of Northeastern University, and Zhiyun Qian of University\nof California, Riverside (UCR) for their assistance. \n\nSafari Reader\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their\nassistance. \n\nWebKit\nWe would like to acknowledge James Lee (@Windowsrcer) of Kryptos\nLogic for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12.1.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSwpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GA0RAA\nl3Yft6CRTyGtLyqIanBFP4sMtaxlIP44Y0+gPIf59DhZ7bzuy3s+cjnUJAxrqBC+\nNAqrNur5x8OVBIS7T65njvccD7e7uGWBZfeEbMdplT5aK3AvRuW7MyXEo3nZu3dx\ngMRsubjQmwOnMB3Taxj0a6y2jvLU9DA7IfVyKb7ReCz3wv5KPb4BxLvbHwaMrbsJ\nSBETrGYMn4awTSmUs/IQTDECOzRLyicQnY44afDL/K9n/oB59VQm5ZUPDj9ofeQN\nUQsD7XVH19eI99N+uNQ+07GCqQ6++qe+kGVi2RR7HERt3wd4mnV895f6UvhlUjlU\nK1tY68ZuDNPZ54GJfniFI0OCYfcd5rYsPTnOt11heFnWfG+nnm2r+3BEh60RW5lW\nONeyQ3ScubgMV2Teo3G0tWf9BGvKAI+qXbFuzkAMAucB+f7Oj06WDGhYPEAQZ8KR\nxLSb6nyfihQA6Bz4KbfppKC7I2GuyF6rl5iz+VBPHId7yaF0jxjEiJEF7RbLhbeg\nk7x8vJrKLR7hAs4AWCq69ZQ6VvmKLdgSNNCcbJIQNPCYtGabOP7xl4piDw4b46wq\n/LR6UNrYdf/U3hljPfKIBn+0e1EITcKHfUu85MyHftanF1JFYNp03eFJT5ouyMRt\nLD5C8YOX6VcEwCQqUpKmJD9wWwUehRhEiEffGkR+xSY=Jb8S\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "BID",
        "id": "106699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217"
      },
      {
        "db": "PACKETSTORM",
        "id": "151281"
      },
      {
        "db": "PACKETSTORM",
        "id": "151332"
      },
      {
        "db": "PACKETSTORM",
        "id": "151283"
      },
      {
        "db": "PACKETSTORM",
        "id": "151282"
      },
      {
        "db": "PACKETSTORM",
        "id": "151285"
      },
      {
        "db": "PACKETSTORM",
        "id": "152086"
      },
      {
        "db": "PACKETSTORM",
        "id": "151280"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6217",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "106699",
        "trust": 2.1
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7473",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-124",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152086",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0604",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0639",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151281",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151332",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151282",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151280",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217"
      },
      {
        "db": "BID",
        "id": "106699"
      },
      {
        "db": "PACKETSTORM",
        "id": "151281"
      },
      {
        "db": "PACKETSTORM",
        "id": "151332"
      },
      {
        "db": "PACKETSTORM",
        "id": "151283"
      },
      {
        "db": "PACKETSTORM",
        "id": "151282"
      },
      {
        "db": "PACKETSTORM",
        "id": "151285"
      },
      {
        "db": "PACKETSTORM",
        "id": "152086"
      },
      {
        "db": "PACKETSTORM",
        "id": "151280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      }
    ]
  },
  "id": "VAR-201903-0442",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:18:02.839000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://support.apple.com/kb/HT201222"
      },
      {
        "title": "Multiple Apple product WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88902"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.securityfocus.com/bid/106699"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201903-12"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209443"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209447"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209448"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209449"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209450"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209451"
      },
      {
        "trust": 1.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6217"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6226"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6216"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6227"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6212"
      },
      {
        "trust": 0.6,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6215"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6229"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190511-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76318"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76166"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152086/gentoo-linux-security-advisory-201903-12.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20346"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20505"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6233"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20506"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6234"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/icloud/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209451"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209443"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209449"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209447"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209448"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6235"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6210"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6213"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6214"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6230"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6224"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6231"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6209"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6221"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6225"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6208"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6218"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6228"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6202"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6219"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6211"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6200"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6206"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217"
      },
      {
        "db": "BID",
        "id": "106699"
      },
      {
        "db": "PACKETSTORM",
        "id": "151281"
      },
      {
        "db": "PACKETSTORM",
        "id": "151332"
      },
      {
        "db": "PACKETSTORM",
        "id": "151283"
      },
      {
        "db": "PACKETSTORM",
        "id": "151282"
      },
      {
        "db": "PACKETSTORM",
        "id": "151285"
      },
      {
        "db": "PACKETSTORM",
        "id": "152086"
      },
      {
        "db": "PACKETSTORM",
        "id": "151280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-157652",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6217",
        "ident": null
      },
      {
        "db": "BID",
        "id": "106699",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151281",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151332",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151283",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151282",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151285",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "152086",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151280",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6217",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-01-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-124",
        "ident": null
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157652",
        "ident": null
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6217",
        "ident": null
      },
      {
        "date": "2019-01-22T00:00:00",
        "db": "BID",
        "id": "106699",
        "ident": null
      },
      {
        "date": "2019-01-23T21:27:12",
        "db": "PACKETSTORM",
        "id": "151281",
        "ident": null
      },
      {
        "date": "2019-01-25T14:58:45",
        "db": "PACKETSTORM",
        "id": "151332",
        "ident": null
      },
      {
        "date": "2019-01-23T21:28:00",
        "db": "PACKETSTORM",
        "id": "151283",
        "ident": null
      },
      {
        "date": "2019-01-23T21:27:49",
        "db": "PACKETSTORM",
        "id": "151282",
        "ident": null
      },
      {
        "date": "2019-01-23T21:28:42",
        "db": "PACKETSTORM",
        "id": "151285",
        "ident": null
      },
      {
        "date": "2019-03-14T16:23:59",
        "db": "PACKETSTORM",
        "id": "152086",
        "ident": null
      },
      {
        "date": "2019-01-23T21:27:00",
        "db": "PACKETSTORM",
        "id": "151280",
        "ident": null
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-806",
        "ident": null
      },
      {
        "date": "2019-03-05T16:29:01.653000",
        "db": "NVD",
        "id": "CVE-2019-6217",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-06-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-124",
        "ident": null
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157652",
        "ident": null
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6217",
        "ident": null
      },
      {
        "date": "2019-01-22T00:00:00",
        "db": "BID",
        "id": "106699",
        "ident": null
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-806",
        "ident": null
      },
      {
        "date": "2024-11-21T04:46:14.680000",
        "db": "NVD",
        "id": "CVE-2019-6217",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "(Pwn2Own) Apple Safari RegExp JIT Type Confusion Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-124"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-806"
      }
    ],
    "trust": 0.6
  }
}

VAR-202112-2540

Vulnerability from variot - Updated: 2026-04-10 23:18

vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069). ========================================================================== Ubuntu Security Notice USN-5433-1 May 23, 2022

vim vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Vim.

Software Description: - vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2021-3973)

It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3974)

It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069)

It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-1154)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm4

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-03-14-4 macOS Monterey 12.3

macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.

Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher

AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher

AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team

AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher

AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher

AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro

AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623

FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google

ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google

Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)

Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher

Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher

Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders

Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)

Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn

libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976

Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher

LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656

GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners

GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners

NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher

PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)

Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran

Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)

SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger

SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)

System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)

UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt

Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158

VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google

Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17

xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group

Additional recognition

AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.

Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.

Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.

Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.

Local Authentication We would like to acknowledge an anonymous researcher for their assistance.

Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.

Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.

Siri We would like to acknowledge an anonymous researcher for their assistance.

syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.

TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.

WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.

WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.

macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update Advisory ID: RHSA-2022:0444-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0444 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================

Summary:

A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.

Description:

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.

This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content:

On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example:

$ oc login -u system:admin

Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands:

$ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done

Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands:

$ oc -n openshift import-image redhat-sso74-openshift:1.0

Bugs fixed (https://bugzilla.redhat.com/):

2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

JIRA issues fixed (https://issues.jboss.org/):

CIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86

References:

https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security updates:

Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

Bug fixes:

Inform ACM policy is not checking properly the node fields (BZ# 2015588)
ImagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image (BZ# 2021128)
Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576)
RHACM 2.3.6 images (BZ# 2029507)
Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002)
Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351)
Clustersets do not appear in UI (BZ# 2049810)
Bugs fixed (https://bugzilla.redhat.com/):

2015588 - Inform ACM policy is not checking properly the node fields 2021128 - imagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image 2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2029507 - RHACM 2.3.6 images 2030002 - Console UI enabled SNO UI Options not displayed during cluster creating 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2037351 - grc pod restarts for each new GET request to the Governance Policy Page 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2049810 - Clustersets do not appear in UI 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function

This update provides security fixes, fixes bugs, and updates the container images. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security updates:

nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816)
minio-go: user privilege escalation in AddUser() admin API (CVE-2021-43858)
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
fastify-static: open redirect via an URL with double slash followed by a domain (CVE-2021-22963)
moby: docker cp allows unexpected chmod of host file (CVE-2021-41089)
moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal (CVE-2021-41091)
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
node-fetch: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0235)
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

Bug fixes:

Trying to create a new cluster on vSphere and no feedback, stuck in "creating" (Bugzilla #1937078)
The hyperlink of *ks cluster node cannot be opened when I want to check the node (Bugzilla #2028100)
Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196)
RHACM cannot deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) (Bugzilla #2028931)
RHACM 2.4.2 images (Bugzilla #2029506)
Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 (Bugzilla #2030005)
Namespace left orphaned after destroying the cluster (Bugzilla #2030379)
The results filtered through the filter contain some data that should not be present in cluster page (Bugzilla #2034198)
Git over ssh doesn't use custom port set in url (Bugzilla #2036057)
The value of name label changed from clusterclaim name to cluster name (Bugzilla #2042223)
ACM configuration policies do not handle Limitrange or Quotas values (Bugzilla #2042545)
Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 (Bugzilla #2050847)
The azure government regions were not list in the region drop down list when creating the cluster (Bugzilla #2051797)
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing

Bugs fixed (https://bugzilla.redhat.com/):

2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown: 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008592 - CVE-2021-41089 moby: docker cp allows unexpected chmod of host file 2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when 2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain 2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2028100 - The hyperlink of *ks cluster node can not be opened when I want to check the node 2028196 - Unable to make SSH connection to a Bitbucket server 2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) 2029506 - RHACM 2.4.2 images 2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 2030379 - Namespace left orphaned after destroying the cluster 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032957 - Missing AWX templates in ACM 2034198 - The results filtered through the filter contain some data that should not be present in cluster page 2036057 - git over ssh doesn't use custom port set in url 2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API 2039378 - Deploying CRD via Application does not update status in ACM console 2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool 2042545 - ACM configuration policies do not handle Limitrange or Quotas values 2043519 - "apps.open-cluster-management.io/git-branch" annotation should be mandatory 2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 2051797 - the azure government regions were not list in the region drop down list when create the cluster 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.6"
      },
      {
        "_id": null,
        "model": "vim",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vim",
        "version": "8.2.3949"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "vim",
        "scope": null,
        "trust": 0.8,
        "vendor": "vim",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165917"
      },
      {
        "db": "PACKETSTORM",
        "id": "166204"
      },
      {
        "db": "PACKETSTORM",
        "id": "166199"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2021-4192",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-4192",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-410613",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-4192",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security@huntr.dev",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-4192",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-4192",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-4192",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security@huntr.dev",
            "id": "CVE-2021-4192",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-4192",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-2823",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-410613",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-4192",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2021-3984,\nCVE-2021-4019, CVE-2021-4069). ==========================================================================\nUbuntu Security Notice USN-5433-1\nMay 23, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled parsing of filenames in its\nsearch functionality. If a user were tricked into opening a specially \ncrafted\nfile, an attacker could crash the application, leading to a denial of\nservice. (CVE-2021-3973)\n\nIt was discovered that Vim incorrectly handled memory when opening and\nsearching the contents of certain files. If a user were tricked into opening\na specially crafted file, an attacker could crash the application, \nleading to\na denial of service, or possibly achieve code execution with user \nprivileges. \n(CVE-2021-3974)\n\nIt was discovered that Vim incorrectly handled memory when opening and\nediting certain files. If a user were tricked into opening a specially \ncrafted file,\nan attacker could crash the application, leading to a denial of service, or\npossibly achieve code execution with user privileges. (CVE-2021-3984,\nCVE-2021-4019, CVE-2021-4069)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading \nto a\ndenial of service, or possibly achieve code execution with user privileges. \n(CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading \nto a\ndenial of service, or possibly achieve code execution with user privileges. \n(CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions through its old regular expression engine. If a user were \ntricked\ninto opening a specially crafted file, an attacker could crash the \napplication,\nleading to a denial of service, or possibly achieve code execution with user\nprivileges. (CVE-2022-1154)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n   vim                             2:7.4.1689-3ubuntu1.5+esm4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update\nAdvisory ID:       RHSA-2022:0444-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0444\nIssue date:        2022-02-07\nCVE Names:         CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 \n                   CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 \n                   CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 \n                   CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 \n                   CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 \n                   CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 \n                   CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 \n                   CVE-2022-23305 CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK,\nrunning on OpenShift Container Platform 3.10 and 3.11, and 4.3. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. \n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use\nwithin the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing\nPlatform-as-a-Service (PaaS) for on-premise or private cloud deployments,\naligning with the standalone product release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image,\nFollow these steps to pull in the content:\n\n1. On your master hosts, ensure you are logged into the CLI as a cluster\nadministrator or user with project administrator access to the global\n\"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in\nthe \"openshift\" project by running the following commands:\n\n$ for resource in sso74-image-stream.json \\ sso74-https.json \\\nsso74-mysql.json \\ sso74-mysql-persistent.json \\ sso74-postgresql.json \\\nsso74-postgresql-persistent.json \\ sso74-x509-https.json \\\nsso74-x509-mysql-persistent.json \\ sso74-x509-postgresql-persistent.json do\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso74-openshift:1.0\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3872\nhttps://access.redhat.com/security/cve/CVE-2021-3984\nhttps://access.redhat.com/security/cve/CVE-2021-4019\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-4122\nhttps://access.redhat.com/security/cve/CVE-2021-4192\nhttps://access.redhat.com/security/cve/CVE-2021-4193\nhttps://access.redhat.com/security/cve/CVE-2022-21248\nhttps://access.redhat.com/security/cve/CVE-2022-21282\nhttps://access.redhat.com/security/cve/CVE-2022-21283\nhttps://access.redhat.com/security/cve/CVE-2022-21293\nhttps://access.redhat.com/security/cve/CVE-2022-21294\nhttps://access.redhat.com/security/cve/CVE-2022-21296\nhttps://access.redhat.com/security/cve/CVE-2022-21299\nhttps://access.redhat.com/security/cve/CVE-2022-21305\nhttps://access.redhat.com/security/cve/CVE-2022-21340\nhttps://access.redhat.com/security/cve/CVE-2022-21341\nhttps://access.redhat.com/security/cve/CVE-2022-21360\nhttps://access.redhat.com/security/cve/CVE-2022-21365\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* Follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nBug fixes:\n\n* Inform ACM policy is not checking properly the node fields (BZ# 2015588)\n\n* ImagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8\nimage (BZ# 2021128)\n\n* Traceback blocks reconciliation of helm repository hosted on AWS S3\nstorage (BZ# 2021576)\n\n* RHACM 2.3.6 images (BZ# 2029507)\n\n* Console UI enabled SNO UI Options not displayed during cluster creating\n(BZ# 2030002)\n\n* Grc pod restarts for each new GET request to the Governance Policy Page\n(BZ# 2037351)\n\n* Clustersets do not appear in UI (BZ# 2049810)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2015588 - Inform ACM policy is not checking properly the node fields\n2021128 - imagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8 image\n2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage\n2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability\n2029507 - RHACM 2.3.6 images\n2030002 - Console UI enabled SNO UI Options not displayed during cluster creating\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2037351 - grc pod restarts for each new GET request to the Governance Policy Page\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2049810 - Clustersets do not appear in UI\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n\n5. This update provides security fixes, fixes bugs, and\nupdates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* containerd: Unprivileged pod may bind mount any privileged regular file\non disk (CVE-2021-43816)\n\n* minio-go: user privilege escalation in AddUser() admin API\n(CVE-2021-43858)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* fastify-static: open redirect via an URL with double slash followed by a\ndomain (CVE-2021-22963)\n\n* moby: `docker cp` allows unexpected chmod of host file (CVE-2021-41089)\n\n* moby: data directory contains subdirectories with insufficiently\nrestricted permissions, which could lead to directory traversal\n(CVE-2021-41091)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* node-fetch: Exposure of Sensitive Information to an Unauthorized Actor\n(CVE-2022-0235)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\nBug fixes:\n\n* Trying to create a new cluster on vSphere and no feedback, stuck in\n\"creating\" (Bugzilla #1937078)\n\n* The hyperlink of *ks cluster node cannot be opened when I want to check\nthe node (Bugzilla #2028100)\n\n* Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196)\n\n* RHACM cannot deploy Helm Charts with version numbers starting with\nletters (e.g. v1.6.1) (Bugzilla #2028931)\n\n* RHACM 2.4.2 images (Bugzilla #2029506)\n\n* Git Application still appears in Application Table and Resources are\nStill Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0\n(Bugzilla #2030005)\n\n* Namespace left orphaned after destroying the cluster (Bugzilla #2030379)\n\n* The results filtered through the filter contain some data that should not\nbe present in cluster page (Bugzilla #2034198)\n\n* Git over ssh doesn\u0027t use custom port set in url (Bugzilla #2036057)\n\n* The value of name label changed from clusterclaim name to cluster name\n(Bugzilla #2042223)\n\n* ACM configuration policies do not handle Limitrange or Quotas values\n(Bugzilla #2042545)\n\n* Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6\n(Bugzilla #2050847)\n\n* The azure government regions were not list in the region drop down list\nwhen creating the cluster (Bugzilla #2051797)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown:\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2008592 - CVE-2021-41089 moby: `docker cp` allows unexpected chmod of host file\n2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when\n2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain\n2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal\n2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability\n2028100 - The hyperlink of *ks cluster node can not be opened when I want to check the node\n2028196 - Unable to make SSH connection to a Bitbucket server\n2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1)\n2029506 - RHACM 2.4.2 images\n2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion  after Upgrade from 2.4.0\n2030379 - Namespace left orphaned after destroying the cluster\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032957 - Missing AWX templates in ACM\n2034198 - The results filtered through the filter contain some data that should not be present in cluster page\n2036057 - git over ssh doesn\u0027t use custom port set in url\n2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API\n2039378 - Deploying CRD via Application does not update status in ACM console\n2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool\n2042545 - ACM configuration policies do not handle Limitrange or Quotas values\n2043519 - \"apps.open-cluster-management.io/git-branch\" annotation should be mandatory\n2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6\n2051797 - the azure government regions were not list in the region drop down list when create the cluster\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192"
      },
      {
        "db": "PACKETSTORM",
        "id": "167242"
      },
      {
        "db": "PACKETSTORM",
        "id": "166319"
      },
      {
        "db": "PACKETSTORM",
        "id": "165917"
      },
      {
        "db": "PACKETSTORM",
        "id": "166204"
      },
      {
        "db": "PACKETSTORM",
        "id": "166199"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-410613",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-4192",
        "trust": 3.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/01/15/1",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167242",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166204",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166319",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165813",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166179",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165930",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167789",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3561",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3002",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0903",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1071",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0870",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2516",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0019",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1056",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2412",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052327",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072103",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051702",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031433",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062022",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022221",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166199",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165917",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165902",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-410613",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192"
      },
      {
        "db": "PACKETSTORM",
        "id": "167242"
      },
      {
        "db": "PACKETSTORM",
        "id": "166319"
      },
      {
        "db": "PACKETSTORM",
        "id": "165917"
      },
      {
        "db": "PACKETSTORM",
        "id": "166204"
      },
      {
        "db": "PACKETSTORM",
        "id": "166199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      }
    ]
  },
  "id": "VAR-202112-2540",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:18:00.385000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT213343",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
      },
      {
        "title": "Red Hat: Moderate: vim security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220366 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220476 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2021-4192",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4192"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220721 - Security Advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-4192"
      },
      {
        "title": "Ubuntu Security Notice: USN-5433-1: Vim vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5433-1"
      },
      {
        "title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220595 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220445 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220444 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220735 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220842 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2022-1557",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1743",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
      },
      {
        "title": "Apple: macOS Monterey 12.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
      },
      {
        "title": "Apple: Security Update 2022-005 Catalina",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213183"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213256"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213343"
      },
      {
        "trust": 1.8,
        "url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/mar/29"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/may/35"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/jul/14"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202208-32"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1071"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166179/red-hat-security-advisory-2022-0721-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213183"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167242/ubuntu-security-notice-usn-5433-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213343"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0870"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2516"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-regexp-percent-v-37346"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165930/red-hat-security-advisory-2022-0476-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165813/red-hat-security-advisory-2022-0366-06.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213256"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0903"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166204/red-hat-security-advisory-2022-0595-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052327"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3872"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-4019"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-4122"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3984"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-4193"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4122"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-4192"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3521"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5433-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4034"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-4034"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3918"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4155"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-43565"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0185"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3918"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0185"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-4155"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0366"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2021-4192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213183."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21248"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21296"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21299"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21341"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21282"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21365"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23302"
      },
      {
        "trust": 0.1,
        "url": "https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.ga/templates/${resource}"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20612"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22963"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22963"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0235"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410613"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192"
      },
      {
        "db": "PACKETSTORM",
        "id": "167242"
      },
      {
        "db": "PACKETSTORM",
        "id": "166319"
      },
      {
        "db": "PACKETSTORM",
        "id": "165917"
      },
      {
        "db": "PACKETSTORM",
        "id": "166204"
      },
      {
        "db": "PACKETSTORM",
        "id": "166199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-410613",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4192",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167242",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166319",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165917",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166204",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166199",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4192",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410613",
        "ident": null
      },
      {
        "date": "2021-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-4192",
        "ident": null
      },
      {
        "date": "2022-05-24T17:33:41",
        "db": "PACKETSTORM",
        "id": "167242",
        "ident": null
      },
      {
        "date": "2022-03-15T15:49:02",
        "db": "PACKETSTORM",
        "id": "166319",
        "ident": null
      },
      {
        "date": "2022-02-09T16:10:33",
        "db": "PACKETSTORM",
        "id": "165917",
        "ident": null
      },
      {
        "date": "2022-03-04T16:17:56",
        "db": "PACKETSTORM",
        "id": "166204",
        "ident": null
      },
      {
        "date": "2022-03-04T16:03:16",
        "db": "PACKETSTORM",
        "id": "166199",
        "ident": null
      },
      {
        "date": "2021-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-2823",
        "ident": null
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017216",
        "ident": null
      },
      {
        "date": "2021-12-31T15:15:08.560000",
        "db": "NVD",
        "id": "CVE-2021-4192",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410613",
        "ident": null
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-4192",
        "ident": null
      },
      {
        "date": "2023-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-2823",
        "ident": null
      },
      {
        "date": "2023-01-10T06:15:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017216",
        "ident": null
      },
      {
        "date": "2024-11-21T06:37:06.850000",
        "db": "NVD",
        "id": "CVE-2021-4192",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "vim\u00a0 Vulnerability in using free memory in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017216"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-2823"
      }
    ],
    "trust": 0.6
  }
}

VAR-202203-0034

Vulnerability from variot - Updated: 2026-04-10 23:16

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.

apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721

AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team

AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher

AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro

AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher

Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative

IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero

LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team

LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778

libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308

OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778

PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)

Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics

Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger

SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)

TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher

Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)

Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128

WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher

Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval

zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530

zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy

zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444

Additional recognition

Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.

macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----

. Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Security Fix(es):

httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

Additional changes:

To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.

On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.

If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:

LimitRequestBody 2147483648

Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm

s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm

x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

The following packages have been upgraded to a later upstream version: httpd (2.4.53).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. Needs documentation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20

                                       https://security.gentoo.org/

Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20

Synopsis

Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTPD users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References

[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-20

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5

Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "_id": null,
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.6"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.52"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169845"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-22719",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-22719",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-411395",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22719",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22719",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-1274",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411395",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nhttpd (2.4.53). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.1 Release Notes linked from the References section. Needs documentation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5333-2\nMarch 17, 2022\n\napache2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chamal De Silva discovered that the Apache HTTP Server mod_lua module\n incorrectly handled certain crafted request bodies. A remote attacker could\n possibly use this issue to cause the server to crash, resulting in a denial\n of service. (CVE-2022-22719)\n\n James Kettle discovered that the Apache HTTP Server incorrectly closed\n inbound connection when certain errors are encountered. A remote attacker\n could possibly use this issue to perform an HTTP Request Smuggling attack. \n (CVE-2022-22720)\n\n It was discovered that the Apache HTTP Server incorrectly handled large\n LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)\n\n Ronald Crane discovered that the Apache HTTP Server mod_sed module\n incorrectly handled memory. (CVE-2022-23943)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  apache2                         2.4.18-2ubuntu3.17+esm5\n  apache2-bin                     2.4.18-2ubuntu3.17+esm5\n\nUbuntu 14.04 ESM:\n  apache2                         2.4.7-1ubuntu4.22+esm4\n  apache2-bin                     2.4.7-1ubuntu4.22+esm4\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167189"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169845"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411395",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22719",
        "trust": 2.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/03/14/4",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166355",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166365",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167189",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169770",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168565",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168072",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169845",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022050324",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051703",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060706",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031504",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041954",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031727",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031416",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032127",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1158",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2411",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1234",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1078",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-41639",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167186",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411395",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167189"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169845"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      }
    ]
  },
  "id": "VAR-202203-0034",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:16:31.216000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apache HTTP Server Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186369"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-665",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202208-20"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213255"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213256"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213257"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/38"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/35"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/33"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4"
      },
      {
        "trust": 1.1,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-22719"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1158"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1234"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22719/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1078"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031727"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213256"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169770/red-hat-security-advisory-2022-7647-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169845/red-hat-security-advisory-2022-8067-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031416"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031504"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022050324"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-http-server-out-of-bounds-memory-reading-via-mod-lua-37792"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032127"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30556"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-28614"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-28615"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-31813"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30522"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22721"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-29404"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-26377"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5333-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213256."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213255."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/6975397"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6753"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33193"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8067"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7647"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5333-2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411395"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167189"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169845"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22719"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411395",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167189",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168565",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169845",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169770",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168072",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166355",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166365",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22719",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411395",
        "ident": null
      },
      {
        "date": "2022-05-17T16:59:42",
        "db": "PACKETSTORM",
        "id": "167188",
        "ident": null
      },
      {
        "date": "2022-05-17T16:59:55",
        "db": "PACKETSTORM",
        "id": "167189",
        "ident": null
      },
      {
        "date": "2022-09-30T14:51:18",
        "db": "PACKETSTORM",
        "id": "168565",
        "ident": null
      },
      {
        "date": "2022-11-15T16:40:34",
        "db": "PACKETSTORM",
        "id": "169845",
        "ident": null
      },
      {
        "date": "2022-11-08T13:48:57",
        "db": "PACKETSTORM",
        "id": "169770",
        "ident": null
      },
      {
        "date": "2022-08-15T16:02:48",
        "db": "PACKETSTORM",
        "id": "168072",
        "ident": null
      },
      {
        "date": "2022-03-17T15:54:28",
        "db": "PACKETSTORM",
        "id": "166355",
        "ident": null
      },
      {
        "date": "2022-03-18T15:34:37",
        "db": "PACKETSTORM",
        "id": "166365",
        "ident": null
      },
      {
        "date": "2022-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1274",
        "ident": null
      },
      {
        "date": "2022-03-14T11:15:09.023000",
        "db": "NVD",
        "id": "CVE-2022-22719",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411395",
        "ident": null
      },
      {
        "date": "2022-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1274",
        "ident": null
      },
      {
        "date": "2024-11-21T06:47:18.700000",
        "db": "NVD",
        "id": "CVE-2022-22719",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Apache HTTP Server Input validation error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1274"
      }
    ],
    "trust": 0.6
  }
}

VAR-202205-1953

Vulnerability from variot - Updated: 2026-04-10 23:14

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This security vulnerability occurs when local authorization happens. This flaw allows an malicious user to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution. (CVE-2022-26691).

Bug Fix(es):

30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)
OADP enables both file system-based and snapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

JIRA issues fixed (https://issues.jboss.org/):

OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig OADP-154 - Ensure support for backing up resources based on different label selectors OADP-194 - Remove the registry dependency from OADP OADP-199 - Enable support for restore of existing resources OADP-224 - Restore silently ignore resources if they exist - restore log not updated OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated OADP-234 - Implementation of incremental restore OADP-324 - Add label to Expired backups failing garbage collection OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot OADP-528 - The volumesnapshotcontent is not removed for the synced backup OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10 OADP-538 - typo on noDefaultBackupLocation error on DPA CR OADP-552 - Validate OADP with 4.11 and Pod Security Admissions OADP-558 - Empty Failed Backup CRs can't be removed OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly OADP-592 - OADP must-gather add support for insecure tls OADP-597 - BSL validation logs OADP-598 - Data mover performance on backup blocks backup process OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled OADP-602 - Support GCP for openshift-velero-plugin registry OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace OADP-613 - DataMover: upstream documentation refers wrong CRs OADP-637 - Restic backup fails with CA certificate OADP-643 - [Data Mover] VSB and VSR names are not unique OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable OADP-648 - Remove default limits for velero and restic pods OADP-652 - Data mover VolSync pod errors with Noobaa OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace OADP-660 - Data mover restic secret does not support Azure OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores//.velero/" OADP-716 - Incremental restore: second restore of a namespace partially fails OADP-736 - Data mover VSB always fails with volsync 0.5

========================================================================== Ubuntu Security Notice USN-5454-2 May 31, 2022

cups vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691)

It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: cups 2.1.3-4ubuntu0.11+esm1

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.11.0 bug fix and security update Advisory ID: RHSA-2022:5069-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:5069 Issue date: 2022-08-10 CVE Names: CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-19131 CVE-2020-24370 CVE-2020-28493 CVE-2020-35492 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-3481 CVE-2021-3580 CVE-2021-3634 CVE-2021-3672 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3737 CVE-2021-4115 CVE-2021-4156 CVE-2021-4189 CVE-2021-20095 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-23566 CVE-2021-23648 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38593 CVE-2021-40528 CVE-2021-41190 CVE-2021-41617 CVE-2021-42771 CVE-2021-43527 CVE-2021-43818 CVE-2021-44225 CVE-2021-44906 CVE-2022-0235 CVE-2022-0778 CVE-2022-1012 CVE-2022-1215 CVE-2022-1271 CVE-2022-1292 CVE-2022-1586 CVE-2022-1621 CVE-2022-1629 CVE-2022-1706 CVE-2022-1729 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24903 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-26691 CVE-2022-26945 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 CVE-2022-29162 CVE-2022-29810 CVE-2022-29824 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 CVE-2022-32250 ==================================================================== 1. Summary:

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:5068

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

go-getter: command injection vulnerability (CVE-2022-26945)
go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
sanitize-url: XSS (CVE-2021-23648)
minimist: prototype pollution (CVE-2021-44906)
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64

The image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4

(For aarch64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64

The image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x

The image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le

The image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Bugs fixed (https://bugzilla.redhat.com/):

1817075 - MCC & MCO don't free leader leases during shut down -> 10 minutes of leader election timeouts 1822752 - cluster-version operator stops applying manifests when blocked by a precondition check 1823143 - oc adm release extract --command, --tools doesn't pull from localregistry when given a localregistry/image 1858418 - [OCPonRHV] OpenShift installer fails when Blank template is missing in oVirt/RHV 1859153 - [AWS] An IAM error occurred occasionally during the installation phase: Invalid IAM Instance Profile name 1896181 - [ovirt] install fails: due to terraform error "Cannot run VM. VM is being updated" on vm resource 1898265 - [OCP 4.5][AWS] Installation failed: error updating LB Target Group 1902307 - [vSphere] cloud labels management via cloud provider makes nodes not ready 1905850 - oc adm policy who-can failed to check the operatorcondition/status resource 1916279 - [OCPonRHV] Sometimes terraform installation fails on -failed to fetch Cluster(another terraform bug) 1917898 - [ovirt] install fails: due to terraform error "Tag not matched: expect but got " on vm resource 1918005 - [vsphere] If there are multiple port groups with the same name installation fails 1918417 - IPv6 errors after exiting crictl 1918690 - Should update the KCM resource-graph timely with the latest configure 1919980 - oVirt installer fails due to terraform error "Failed to wait for Templte(...) to become ok" 1921182 - InspectFailed: kubelet Failed to inspect image: rpc error: code = DeadlineExceeded desc = context deadline exceeded 1923536 - Image pullthrough does not pass 429 errors back to capable clients 1926975 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 1928932 - deploy/route_crd.yaml in openshift/router uses deprecated v1beta1 CRD API 1932812 - Installer uses the terraform-provider in the Installer's directory if it exists 1934304 - MemoryPressure Top Pod Consumers seems to be 2x expected value 1943937 - CatalogSource incorrect parsing validation 1944264 - [ovn] CNO should gracefully terminate OVN databases 1944851 - List of ingress routes not cleaned up when routers no longer exist - take 2 1945329 - In k8s 1.21 bump conntrack 'should drop INVALID conntrack entries' tests are disabled 1948556 - Cannot read property 'apiGroup' of undefined error viewing operator CSV 1949827 - Kubelet bound to incorrect IPs, referring to incorrect NICs in 4.5.x 1957012 - Deleting the KubeDescheduler CR does not remove the corresponding deployment or configmap 1957668 - oc login does not show link to console 1958198 - authentication operator takes too long to pick up a configuration change 1958512 - No 1.25 shown in REMOVEDINRELEASE for apis audited with k8s.io/removed-release 1.25 and k8s.io/deprecated true 1961233 - Add CI test coverage for DNS availability during upgrades 1961844 - baremetal ClusterOperator installed by CVO does not have relatedObjects 1965468 - [OSP] Delete volume snapshots based on cluster ID in their metadata 1965934 - can not get new result with "Refresh off" if click "Run queries" again 1965969 - [aws] the public hosted zone id is not correct in the destroy log, while destroying a cluster which is using BYO private hosted zone. 1968253 - GCP CSI driver can provision volume with access mode ROX 1969794 - [OSP] Document how to use image registry PVC backend with custom availability zones 1975543 - [OLM] Remove stale cruft installed by CVO in earlier releases 1976111 - [tracker] multipathd.socket is missing start conditions 1976782 - Openshift registry starts to segfault after S3 storage configuration 1977100 - Pod failed to start with message "set CPU load balancing: readdirent /proc/sys/kernel/sched_domain/cpu66/domain0: no such file or directory" 1978303 - KAS pod logs show: [SHOULD NOT HAPPEN] ...failed to convert new object...CertificateSigningRequest) to smd typed: .status.conditions: duplicate entries for key [type=\"Approved\"] 1978798 - [Network Operator] Upgrade: The configuration to enable network policy ACL logging is missing on the cluster upgraded from 4.7->4.8 1979671 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 1982737 - OLM does not warn on invalid CSV 1983056 - IP conflict while recreating Pod with fixed name 1984785 - LSO CSV does not contain disconnected annotation 1989610 - Unsupported data types should not be rendered on operand details page 1990125 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 1990384 - 502 error on "Observe -> Alerting" UI after disabled local alertmanager 1992553 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1994117 - Some hardcodes are detected at the code level in orphaned code 1994820 - machine controller doesn't send vCPU quota failed messages to cluster install logs 1995953 - Ingresscontroller change the replicas to scaleup first time will be rolling update for all the ingress pods 1996544 - AWS region ap-northeast-3 is missing in installer prompt 1996638 - Helm operator manager container restart when CR is creating&deleting 1997120 - test_recreate_pod_in_namespace fails - Timed out waiting for namespace 1997142 - OperatorHub: Filtering the OperatorHub catalog is extremely slow 1997704 - [osp][octavia lb] given loadBalancerIP is ignored when creating a LoadBalancer type svc 1999325 - FailedMount MountVolume.SetUp failed for volume "kube-api-access" : object "openshift-kube-scheduler"/"kube-root-ca.crt" not registered 1999529 - Must gather fails to gather logs for all the namespace if server doesn't have volumesnapshotclasses resource 1999891 - must-gather collects backup data even when Pods fails to be created 2000653 - Add hypershift namespace to exclude namespaces list in descheduler configmap 2002009 - IPI Baremetal, qemu-convert takes to long to save image into drive on slow/large disks 2002602 - Storageclass creation page goes blank when "Enable encryption" is clicked if there is a syntax error in the configmap 2002868 - Node exporter not able to scrape OVS metrics 2005321 - Web Terminal is not opened on Stage of DevSandbox when terminal instance is not created yet 2005694 - Removing proxy object takes up to 10 minutes for the changes to propagate to the MCO 2006067 - Objects are not valid as a React child 2006201 - ovirt-csi-driver-node pods are crashing intermittently 2007246 - Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment 2007340 - Accessibility issues on topology - list view 2007611 - TLS issues with the internal registry and AWS S3 bucket 2007647 - oc adm release info --changes-from does not show changes in repos that squash-merge 2008486 - Double scroll bar shows up on dragging the task quick search to the bottom 2009345 - Overview page does not load from openshift console for some set of users after upgrading to 4.7.19 2009352 - Add image-registry usage metrics to telemeter 2009845 - Respect overrides changes during installation 2010361 - OpenShift Alerting Rules Style-Guide Compliance 2010364 - OpenShift Alerting Rules Style-Guide Compliance 2010393 - [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel] 2011525 - Rate-limit incoming BFD to prevent ovn-controller DoS 2011895 - Details about cloud errors are missing from PV/PVC errors 2012111 - LSO still try to find localvolumeset which is already deleted 2012969 - need to figure out why osupdatedstart to reboot is zero seconds 2013144 - Developer catalog category links could not be open in a new tab (sharing and open a deep link works fine) 2013461 - Import deployment from Git with s2i expose always port 8080 (Service and Pod template, not Route) if another Route port is selected by the user 2013734 - unable to label downloads route in openshift-console namespace 2013822 - ensure that the container-tools content comes from the RHAOS plashets 2014161 - PipelineRun logs are delayed and stuck on a high log volume 2014240 - Image registry uses ICSPs only when source exactly matches image 2014420 - Topology page is crashed 2014640 - Cannot change storage class of boot disk when cloning from template 2015023 - Operator objects are re-created even after deleting it 2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance 2015356 - Different status shows on VM list page and details page 2015375 - PVC creation for ODF/IBM Flashsystem shows incorrect types 2015459 - [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff 2015800 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2016425 - Adoption controller generating invalid metadata.Labels for an already adopted Subscription resource 2016534 - externalIP does not work when egressIP is also present 2017001 - Topology context menu for Serverless components always open downwards 2018188 - VRRP ID conflict between keepalived-ipfailover and cluster VIPs 2018517 - [sig-arch] events should not repeat pathologically expand_less failures - s390x CI 2019532 - Logger object in LSO does not log source location accurately 2019564 - User settings resources (ConfigMap, Role, RB) should be deleted when a user is deleted 2020483 - Parameter $auto_interval_period is in Period drop-down list 2020622 - e2e-aws-upi and e2e-azure-upi jobs are not working 2021041 - [vsphere] Not found TagCategory when destroying ipi cluster 2021446 - openshift-ingress-canary is not reporting DEGRADED state, even though the canary route is not available and accessible 2022253 - Web terminal view is broken 2022507 - Pods stuck in OutOfpods state after running cluster-density 2022611 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment 2022745 - Cluster reader is not able to list NodeNetwork objects 2023295 - Must-gather tool gathering data from custom namespaces. 2023691 - ClusterIP internalTrafficPolicy does not work for ovn-kubernetes 2024427 - oc completion zsh doesn't auto complete 2024708 - The form for creating operational CRs is badly rendering filed names ("obsoleteCPUs" -> "Obsolete CP Us" ) 2024821 - [Azure-File-CSI] need more clear info when requesting pvc with volumeMode Block 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2025624 - Ingress router metrics endpoint serving old certificates after certificate rotation 2026356 - [IPI on Azure] The bootstrap machine type should be same as master 2026461 - Completed pods in Openshift cluster not releasing IP addresses and results in err: range is full unless manually deleted 2027603 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page 2027613 - Users can't silence alerts from the dev console 2028493 - OVN-migration failed - ovnkube-node: error waiting for node readiness: timed out waiting for the condition 2028532 - noobaa-pg-db-0 pod stuck in Init:0/2 2028821 - Misspelled label in ODF management UI - MCG performance view 2029438 - Bootstrap node cannot resolve api-int because NetworkManager replaces resolv.conf 2029470 - Recover from suddenly appearing old operand revision WAS: kube-scheduler-operator test failure: Node's not achieving new revision 2029797 - Uncaught exception: ResizeObserver loop limit exceeded 2029835 - CSI migration for vSphere: Inline-volume tests failing 2030034 - prometheusrules.openshift.io: dial tcp: lookup prometheus-operator.openshift-monitoring.svc on 172.30.0.10:53: no such host 2030530 - VM created via customize wizard has single quotation marks surrounding its password 2030733 - wrong IP selected to connect to the nodes when ExternalCloudProvider enabled 2030776 - e2e-operator always uses quay master images during presubmit tests 2032559 - CNO allows migration to dual-stack in unsupported configurations 2032717 - Unable to download ignition after coreos-installer install --copy-network 2032924 - PVs are not being cleaned up after PVC deletion 2033482 - [vsphere] two variables in tf are undeclared and get warning message during installation 2033575 - monitoring targets are down after the cluster run for more than 1 day 2033711 - IBM VPC operator needs e2e csi tests for ibmcloud 2033862 - MachineSet is not scaling up due to an OpenStack error trying to create multiple ports with the same MAC address 2034147 - OpenShift VMware IPI Installation fails with Resource customization when corespersocket is unset and vCPU count is not a multiple of 4 2034296 - Kubelet and Crio fails to start during upgrde to 4.7.37 2034411 - [Egress Router] No NAT rules for ipv6 source and destination created in ip6tables-save 2034688 - Allow Prometheus/Thanos to return 401 or 403 when the request isn't authenticated 2034958 - [sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready 2035005 - MCD is not always removing in progress taint after a successful update 2035334 - [RFE] [OCPonRHV] Provision machines with preallocated disks 2035899 - Operator-sdk run bundle doesn't support arm64 env 2036202 - Bump podman to >= 3.3.0 so that setup of multiple credentials for a single registry which can be distinguished by their path will work 2036594 - [MAPO] Machine goes to failed state due to a momentary error of the cluster etcd 2036948 - SR-IOV Network Device Plugin should handle offloaded VF instead of supporting only PF 2037190 - dns operator status flaps between True/False/False and True/True/(False|True) after updating dnses.operator.openshift.io/default 2037447 - Ingress Operator is not closing TCP connections. 2037513 - I/O metrics from the Kubernetes/Compute Resources/Cluster Dashboard show as no datapoints found 2037542 - Pipeline Builder footer is not sticky and yaml tab doesn't use full height 2037610 - typo for the Terminated message from thanos-querier pod description info 2037620 - Upgrade playbook should quit directly when trying to upgrade RHEL-7 workers to 4.10 2037625 - AppliedClusterResourceQuotas can not be shown on project overview 2037626 - unable to fetch ignition file when scaleup rhel worker nodes on cluster enabled Tang disk encryption 2037628 - Add test id to kms flows for automation 2037721 - PodDisruptionBudgetAtLimit alert fired in SNO cluster 2037762 - Wrong ServiceMonitor definition is causing failure during Prometheus configuration reload and preventing changes from being applied 2037841 - [RFE] use /dev/ptp_hyperv on Azure/AzureStack 2038115 - Namespace and application bar is not sticky anymore 2038244 - Import from git ignore the given servername and could not validate On-Premises GitHub and BitBucket installations 2038405 - openshift-e2e-aws-workers-rhel-workflow in CI step registry broken 2038774 - IBM-Cloud OVN IPsec fails, IKE UDP ports and ESP protocol not in security group 2039135 - the error message is not clear when using "opm index prune" to prune a file-based index image 2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected 2039253 - ovnkube-node crashes on duplicate endpoints 2039256 - Domain validation fails when TLD contains a digit. 2039277 - Topology list view items are not highlighted on keyboard navigation 2039462 - Application tab in User Preferences dropdown menus are too wide. 2039477 - validation icon is missing from Import from git 2039589 - The toolbox command always ignores [command] the first time 2039647 - Some developer perspective links are not deep-linked causes developer to sometimes delete/modify resources in the wrong project 2040180 - Bug when adding a new table panel to a dashboard for OCP UI with only one value column 2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names 2040277 - ThanosRuleNoEvaluationFor10Intervals alert description is wrong 2040488 - OpenShift-Ansible BYOH Unit Tests are Broken 2040635 - CPU Utilisation is negative number for "Kubernetes / Compute Resources / Cluster" dashboard 2040654 - 'oc adm must-gather -- some_script' should exit with same non-zero code as the failed 'some_script' exits 2040779 - Nodeport svc not accessible when the backend pod is on a window node 2040933 - OCP 4.10 nightly build will fail to install if multiple NICs are defined on KVM nodes 2041133 - 'oc explain route.status.ingress.conditions' shows type 'Currently only Ready' but actually is 'Admitted' 2041454 - Garbage values accepted for --reference-policy in oc import-image without any error 2041616 - Ingress operator tries to manage DNS of additional ingresscontrollers that are not under clusters basedomain, which can't work 2041769 - Pipeline Metrics page not showing data for normal user 2041774 - Failing git detection should not recommend Devfiles as import strategy 2041814 - The KubeletConfigController wrongly process multiple confs for a pool 2041940 - Namespace pre-population not happening till a Pod is created 2042027 - Incorrect feedback for "oc label pods --all" 2042348 - Volume ID is missing in output message when expanding volume which is not mounted. 2042446 - CSIWithOldVSphereHWVersion alert recurring despite upgrade to vmx-15 2042501 - use lease for leader election 2042587 - ocm-operator: Improve reconciliation of CA ConfigMaps 2042652 - Unable to deploy hw-event-proxy operator 2042838 - The status of container is not consistent on Container details and pod details page 2042852 - Topology toolbars are unaligned to other toolbars 2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP 2043035 - Wrong error code provided when request contains invalid argument 2043068 - available of text disappears in Utilization item if x is 0 2043080 - openshift-installer intermittent failure on AWS with Error: InvalidVpcID.NotFound: The vpc ID 'vpc-123456789' does not exist 2043094 - ovnkube-node not deleting stale conntrack entries when endpoints go away 2043118 - Host should transition through Preparing when HostFirmwareSettings changed 2043132 - Add a metric when vsphere csi storageclass creation fails 2043314 - oc debug node does not meet compliance requirement 2043336 - Creating multi SriovNetworkNodePolicy cause the worker always be draining 2043428 - Address Alibaba CSI driver operator review comments 2043533 - Update ironic, inspector, and ironic-python-agent to latest bugfix release 2043672 - [MAPO] root volumes not working 2044140 - When 'oc adm upgrade --to-image ...' rejects an update as not recommended, it should mention --allow-explicit-upgrade 2044207 - [KMS] The data in the text box does not get cleared on switching the authentication method 2044227 - Test Managed cluster should only include cluster daemonsets that have maxUnavailable update of 10 or 33 percent fails 2044412 - Topology list misses separator lines and hover effect let the list jump 1px 2044421 - Topology list does not allow selecting an application group anymore 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2044803 - Unify button text style on VM tabs 2044824 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2045065 - Scheduled pod has nodeName changed 2045073 - Bump golang and build images for local-storage-operator 2045087 - Failed to apply sriov policy on intel nics 2045551 - Remove enabled FeatureGates from TechPreviewNoUpgrade 2045559 - API_VIP moved when kube-api container on another master node was stopped 2045577 - [ocp 4.9 | ovn-kubernetes] ovsdb_idl|WARN|transaction error: {"details":"cannot delete Datapath_Binding row 29e48972-xxxx because of 2 remaining reference(s)","error":"referential integrity violation 2045872 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2046133 - [MAPO]IPI proxy installation failed 2046156 - Network policy: preview of affected pods for non-admin shows empty popup 2046157 - Still uses pod-security.admission.config.k8s.io/v1alpha1 in admission plugin config 2046191 - Opeartor pod is missing correct qosClass and priorityClass 2046277 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.vpc.aws_subnet.private_subnet[0] resource 2046319 - oc debug cronjob command failed with error "unable to extract pod template from type v1.CronJob". 2046435 - Better Devfile Import Strategy support in the 'Import from Git' flow 2046496 - Awkward wrapping of project toolbar on mobile 2046497 - Re-enable TestMetricsEndpoint test case in console operator e2e tests 2046498 - "All Projects" and "all applications" use different casing on topology page 2046591 - Auto-update boot source is not available while create new template from it 2046594 - "Requested template could not be found" while creating VM from user-created template 2046598 - Auto-update boot source size unit is byte on customize wizard 2046601 - Cannot create VM from template 2046618 - Start last run action should contain current user name in the started-by annotation of the PLR 2046662 - Should upgrade the go version to be 1.17 for example go operator memcached-operator 2047197 - Sould upgrade the operator_sdk.util version to "0.4.0" for the "osdk_metric" module 2047257 - [CP MIGRATION] Node drain failure during control plane node migration 2047277 - Storage status is missing from status card of virtualization overview 2047308 - Remove metrics and events for master port offsets 2047310 - Running VMs per template card needs empty state when no VMs exist 2047320 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2047335 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047362 - Removing prometheus UI access breaks origin test 2047445 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message. 2047702 - Issue described on bug #2013528 reproduced: mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2047710 - [OVN] ovn-dbchecker CrashLoopBackOff and sbdb jsonrpc unix socket receive error 2047732 - [IBM]Volume is not deleted after destroy cluster 2047741 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.masters.aws_network_interface.master[1] resource 2047790 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047799 - release-openshift-ocp-installer-e2e-aws-upi-4.9 2047870 - Prevent redundant queries of BIOS settings in HostFirmwareController 2047895 - Fix architecture naming in oc adm release mirror for aarch64 2047911 - e2e: Mock CSI tests fail on IBM ROKS clusters 2047913 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047925 - [FJ OCP4.10 Bug]: IRONIC_KERNEL_PARAMS does not contain coreos_kernel_params during iPXE boot 2047935 - [4.11] Bootimage bump tracker 2047998 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin- 2048059 - Service Level Agreement (SLA) always show 'Unknown' 2048067 - [IPI on Alibabacloud] "Platform Provisioning Check" tells '"ap-southeast-6": enhanced NAT gateway is not supported', which seems false 2048186 - Image registry operator panics when finalizes config deletion 2048214 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2048219 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2048221 - Capitalization of titles in the VM details page is inconsistent. 2048222 - [AWS GovCloud] Cluster can not be installed on AWS GovCloud regions via terminal interactive UI. 2048276 - Cypress E2E tests fail due to a typo in test-cypress.sh 2048333 - prometheus-adapter becomes inaccessible during rollout 2048352 - [OVN] node does not recover after NetworkManager restart, NotReady and unreachable 2048442 - [KMS] UI does not have option to specify kube auth path and namespace for cluster wide encryption 2048451 - Custom serviceEndpoints in install-config are reported to be unreachable when environment uses a proxy 2048538 - Network policies are not implemented or updated by OVN-Kubernetes 2048541 - incorrect rbac check for install operator quick starts 2048563 - Leader election conventions for cluster topology 2048575 - IP reconciler cron job failing on single node 2048686 - Check MAC address provided on the install-config.yaml file 2048687 - All bare metal jobs are failing now due to End of Life of centos 8 2048793 - Many Conformance tests are failing in OCP 4.10 with Kuryr 2048803 - CRI-O seccomp profile out of date 2048824 - [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2048841 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added 2048955 - Alibaba Disk CSI Driver does not have CI 2049073 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2049078 - Bond CNI: Failed to attach Bond NAD to pod 2049108 - openshift-installer intermittent failure on AWS with 'Error: Error waiting for NAT Gateway (nat-xxxxx) to become available' 2049117 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2049133 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2049142 - Missing "app" label 2049169 - oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured 2049234 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2049410 - external-dns-operator creates provider section, even when not requested 2049483 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2049613 - MTU migration on SDN IPv4 causes API alerts 2049671 - system:serviceaccount:openshift-cluster-csi-drivers:aws-ebs-csi-driver-operator trying to GET and DELETE /api/v1/namespaces/openshift-cluster-csi-drivers/configmaps/kube-cloud-config which does not exist 2049687 - superfluous apirequestcount entries in audit log 2049775 - cloud-provider-config change not applied when ExternalCloudProvider enabled 2049787 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2049832 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2049872 - cluster storage operator AWS credentialsrequest lacks KMS privileges 2049889 - oc new-app --search nodejs warns about access to sample content on quay.io 2050005 - Plugin module IDs can clash with console module IDs causing runtime errors 2050011 - Observe > Metrics page: Timespan text input and dropdown do not align 2050120 - Missing metrics in kube-state-metrics 2050146 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050173 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050180 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050300 - panic in cluster-storage-operator while updating status 2050332 - Malformed ClusterClaim lifetimes cause the clusterclaims-controller to silently fail to reconcile all clusterclaims 2050335 - azure-disk failed to mount with error special device does not exist 2050345 - alert data for burn budget needs to be updated to prevent regression 2050407 - revert "force cert rotation every couple days for development" in 4.11 2050409 - ip-reconcile job is failing consistently 2050452 - Update osType and hardware version used by RHCOS OVA to indicate it is a RHEL 8 guest 2050466 - machine config update with invalid container runtime config should be more robust 2050637 - Blog Link not re-directing to the intented website in the last modal in the Dev Console Onboarding Tour 2050698 - After upgrading the cluster the console still show 0 of N, 0% progress for worker nodes 2050707 - up test for prometheus pod look to far in the past 2050767 - Vsphere upi tries to access vsphere during manifests generation phase 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2050882 - Crio appears to be coredumping in some scenarios 2050902 - not all resources created during import have common labels 2050946 - Cluster-version operator fails to notice TechPreviewNoUpgrade featureSet change after initialization-lookup error 2051320 - Need to build ose-aws-efs-csi-driver-operator-bundle-container image for 4.11 2051333 - [aws] records in public hosted zone and BYO private hosted zone were not deleted. 2051377 - Unable to switch vfio-pci to netdevice in policy 2051378 - Template wizard is crashed when there are no templates existing 2051423 - migrate loadbalancers from amphora to ovn not working 2051457 - [RFE] PDB for cloud-controller-manager to avoid going too many replicas down 2051470 - prometheus: Add validations for relabel configs 2051558 - RoleBinding in project without subject is causing "Project access" page to fail 2051578 - Sort is broken for the Status and Version columns on the Cluster Settings > ClusterOperators page 2051583 - sriov must-gather image doesn't work 2051593 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2051611 - Remove Check which enforces summary_interval must match logSyncInterval 2051642 - Remove "Tech-Preview" Label for the Web Terminal GA release 2051657 - Remove 'Tech preview' from minnimal deployment Storage System creation 2051718 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s 2051722 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2051881 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid 2051954 - Allow changing of policyAuditConfig ratelimit post-deployment 2051969 - Need to build local-storage-operator-metadata-container image for 4.11 2051985 - An APIRequestCount without dots in the name can cause a panic 2052016 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052034 - Can't start correct debug pod using pod definition yaml in OCP 4.8 2052055 - Whereabouts should implement client-go 1.22+ 2052056 - Static pod installer should throttle creating new revisions 2052071 - local storage operator metrics target down after upgrade 2052095 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052270 - FSyncControllerDegraded has "treshold" -> "threshold" typos 2052309 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052332 - Probe failures and pod restarts during 4.7 to 4.8 upgrade 2052393 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052398 - 4.9 to 4.10 upgrade fails for ovnkube-masters 2052415 - Pod density test causing problems when using kube-burner 2052513 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052578 - Create new app from a private git repository using 'oc new app' with basic auth does not work. 2052595 - Remove dev preview badge from IBM FlashSystem deployment windows 2052618 - Node reboot causes duplicate persistent volumes 2052671 - Add Sprint 214 translations 2052674 - Remove extra spaces 2052700 - kube-controller-manger should use configmap lease 2052701 - kube-scheduler should use configmap lease 2052814 - go fmt fails in OSM after migration to go 1.17 2052840 - IMAGE_BUILDER=docker make test-e2e-operator-ocp runs with podman instead of docker 2052953 - Observe dashboard always opens for last viewed workload instead of the selected one 2052956 - Installing virtualization operator duplicates the first action on workloads in topology 2052975 - High cpu load on Juniper Qfx5120 Network switches after upgrade to Openshift 4.8.26 2052986 - Console crashes when Mid cycle hook in Recreate strategy(edit deployment/deploymentConfig) selects Lifecycle strategy as "Tags the current image as an image stream tag if the deployment succeeds" 2053006 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2053104 - [vSphere CSI driver Operator] hw_version_total metric update wrong value after upgrade nodes hardware version from vmx-13 to vmx-15 2053112 - nncp status is unknown when nnce is Progressing 2053118 - nncp Available condition reason should be exposed in oc get 2053168 - Ensure the core dynamic plugin SDK package has correct types and code 2053205 - ci-openshift-cluster-network-operator-master-e2e-agnostic-upgrade is failing most of the time 2053304 - Debug terminal no longer works in admin console 2053312 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053334 - rhel worker scaleup playbook failed because missing some dependency of podman 2053343 - Cluster Autoscaler not scaling down nodes which seem to qualify for scale-down 2053491 - nmstate interprets interface names as float64 and subsequently crashes on state update 2053501 - Git import detection does not happen for private repositories 2053582 - inability to detect static lifecycle failure 2053596 - [IBM Cloud] Storage IOPS limitations and lack of IPI ETCD deployment options trigger leader election during cluster initialization 2053609 - LoadBalancer SCTP service leaves stale conntrack entry that causes issues if service is recreated 2053622 - PDB warning alert when CR replica count is set to zero 2053685 - Topology performance: Immutable .toJSON consumes a lot of CPU time when rendering a large topology graph (~100 nodes) 2053721 - When using RootDeviceHint rotational setting the host can fail to provision 2053922 - [OCP 4.8][OVN] pod interface: error while waiting on OVS.Interface.external-ids 2054095 - [release-4.11] Gather images.conifg.openshift.io cluster resource definiition 2054197 - The ProjectHelmChartRepositrory schema has merged but has not been initialized in the cluster yet 2054200 - Custom created services in openshift-ingress removed even though the services are not of type LoadBalancer 2054238 - console-master-e2e-gcp-console is broken 2054254 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2054285 - Services other than knative service also shows as KSVC in add subscription/trigger modal 2054319 - must-gather | gather_metallb_logs can't detect metallb pod 2054351 - Rrestart of ptp4l/phc2sys on change of PTPConfig generates more than one times, socket error in event frame work 2054385 - redhat-operatori ndex image build failed with AMQ brew build - amq-interconnect-operator-metadata-container-1.10.13 2054564 - DPU network operator 4.10 branch need to sync with master 2054630 - cancel create silence from kebab menu of alerts page will navigated to the previous page 2054693 - Error deploying HorizontalPodAutoscaler with oc new-app command in OpenShift 4 2054701 - [MAPO] Events are not created for MAPO machines 2054705 - [tracker] nf_reinject calls nf_queue_entry_free on an already freed entry->state 2054735 - Bad link in CNV console 2054770 - IPI baremetal deployment metal3 pod crashes when using capital letters in hosts bootMACAddress 2054787 - SRO controller goes to CrashLoopBackOff status when the pull-secret does not have the correct permissions 2054950 - A large number is showing on disk size field 2055305 - Thanos Querier high CPU and memory usage till OOM 2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition 2055433 - Unable to create br-ex as gateway is not found 2055470 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2055492 - The default YAML on vm wizard is not latest 2055601 - installer did not destroy .app dns recored in a IPI on ASH install 2055702 - Enable Serverless tests in CI 2055723 - CCM operator doesn't deploy resources after enabling TechPreviewNoUpgrade feature set. 2055729 - NodePerfCheck fires and stays active on momentary high latency 2055814 - Custom dynamic exntension point causes runtime and compile time error 2055861 - cronjob collect-profiles failed leads node reach to OutOfpods status 2055980 - [dynamic SDK][internal] console plugin SDK does not support table actions 2056454 - Implement preallocated disks for oVirt in the cluster API provider 2056460 - Implement preallocated disks for oVirt in the OCP installer 2056496 - If image does not exists for builder image then upload jar form crashes 2056519 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies 2056607 - Running kubernetes-nmstate handler e2e tests stuck on OVN clusters 2056752 - Better to named the oc-mirror version info with more information like the oc version --client 2056802 - "enforcedLabelLimit|enforcedLabelNameLengthLimit|enforcedLabelValueLengthLimit" do not take effect 2056841 - [UI] [DR] Web console update is available pop-up is seen multiple times on Hub cluster where ODF operator is not installed and unnecessarily it pop-up on the Managed cluster as well where ODF operator is installed 2056893 - incorrect warning for --to-image in oc adm upgrade help 2056967 - MetalLB: speaker metrics is not updated when deleting a service 2057025 - Resource requests for the init-config-reloader container of prometheus-k8s- pods are too high 2057054 - SDK: k8s methods resolves into Response instead of the Resource 2057079 - [cluster-csi-snapshot-controller-operator] CI failure: events should not repeat pathologically 2057101 - oc commands working with images print an incorrect and inappropriate warning 2057160 - configure-ovs selects wrong interface on reboot 2057183 - OperatorHub: Missing "valid subscriptions" filter 2057251 - response code for Pod count graph changed from 422 to 200 periodically for about 30 minutes if pod is rescheduled 2057358 - [Secondary Scheduler] - cannot build bundle index image using the secondary scheduler operator bundle 2057387 - [Secondary Scheduler] - olm.skiprange, com.redhat.openshift.versions is incorrect and no minkubeversion 2057403 - CMO logs show forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot get resource "replicasets" in API group "apps" in the namespace "openshift-monitoring" 2057495 - Alibaba Disk CSI driver does not provision small PVCs 2057558 - Marketplace operator polls too frequently for cluster operator status changes 2057633 - oc rsync reports misleading error when container is not found 2057642 - ClusterOperator status.conditions[].reason "etcd disk metrics exceeded..." should be a CamelCase slug 2057644 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members 2057696 - Removing console still blocks OCP install from completing 2057762 - ingress operator should report Upgradeable False to remind user before upgrade to 4.10 when Non-SAN certs are used 2057832 - expr for record rule: "cluster:telemetry_selected_series:count" is improper 2057967 - KubeJobCompletion does not account for possible job states 2057990 - Add extra debug information to image signature workflow test 2057994 - SRIOV-CNI failed to load netconf: LoadConf(): failed to get VF information 2058030 - On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain 2058217 - [vsphere-problem-detector-operator] 'vsphere_rwx_volumes_total' metric name make confused 2058225 - openshift_csi_share_ metrics are not found from telemeter server 2058282 - Websockets stop updating during cluster upgrades 2058291 - CI builds should have correct version of Kube without needing to push tags everytime 2058368 - Openshift OVN-K got restarted mutilple times with the error " ovsdb-server/memory-trim-on-compaction on'' failed: exit status 1 and " ovndbchecker.go:118] unable to turn on memory trimming for SB DB, stderr " , cluster unavailable 2058370 - e2e-aws-driver-toolkit CI job is failing 2058421 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2058424 - ConsolePlugin proxy always passes Authorization header even if authorize property is omitted or false 2058623 - Bootstrap server dropdown menu in Create Event Source- KafkaSource form is empty even if it's created 2058626 - Multiple Azure upstream kube fsgroupchangepolicy tests are permafailing expecting gid "1000" but geting "root" 2058671 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2058692 - [Secondary Scheduler] Creating secondaryscheduler instance fails with error "key failed with : secondaryschedulers.operator.openshift.io "secondary-scheduler" not found" 2059187 - [Secondary Scheduler] - key failed with : serviceaccounts "secondary-scheduler" is forbidden 2059212 - [tracker] Backport https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa 2059213 - ART cannot build installer images due to missing terraform binaries for some architectures 2059338 - A fully upgraded 4.10 cluster defaults to HW-13 hardware version even if HW-15 is default (and supported) 2059490 - The operator image in CSV file of the ART DPU network operator bundle is incorrect 2059567 - vMedia based IPI installation of OpenShift fails on Nokia servers due to issues with virtual media attachment and boot source override 2059586 - (release-4.11) Insights operator doesn't reconcile clusteroperator status condition messages 2059654 - Dynamic demo plugin proxy example out of date 2059674 - Demo plugin fails to build 2059716 - cloud-controller-manager flaps operator version during 4.9 -> 4.10 update 2059791 - [vSphere CSI driver Operator] didn't update 'vsphere_csi_driver_error' metric value when fixed the error manually 2059840 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager 2059943 - MetalLB: Move CI config files to metallb repo from dev-scripts repo 2060037 - Configure logging level of FRR containers 2060083 - CMO doesn't react to changes in clusteroperator console 2060091 - CMO produces invalid alertmanager statefulset if console cluster .status.consoleURL is unset 2060133 - [OVN RHEL upgrade] could not find IP addresses: failed to lookup link br-ex: Link not found 2060147 - RHEL8 Workers Need to Ensure libseccomp is up to date at install time 2060159 - LGW: External->Service of type ETP=Cluster doesn't go to the node 2060329 - Detect unsupported amount of workloads before rendering a lazy or crashing topology 2060334 - Azure VNET lookup fails when the NIC subnet is in a different resource group 2060361 - Unable to enumerate NICs due to missing the 'primary' field due to security restrictions 2060406 - Test 'operators should not create watch channels very often' fails 2060492 - Update PtpConfigSlave source-crs to use network_transport L2 instead of UDPv4 2060509 - Incorrect installation of ibmcloud vpc csi driver in IBM Cloud ROKS 4.10 2060532 - LSO e2e tests are run against default image and namespace 2060534 - openshift-apiserver pod in crashloop due to unable to reach kubernetes svc ip 2060549 - ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache! 2060553 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc 2060583 - Remove Console internal-kubevirt plugin SDK package 2060605 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060617 - IBMCloud destroy DNS regex not strict enough 2060687 - Azure Ci: SubscriptionDoesNotSupportZone - does not support availability zones at location 'westus' 2060697 - [AWS] partitionNumber cannot work for specifying Partition number 2060714 - [DOCS] Change source_labels to sourceLabels in "Configuring remote write storage" section 2060837 - [oc-mirror] Catalog merging error when two or more bundles does not have a set Replace field 2060894 - Preceding/Trailing Whitespaces In Form Elements on the add page 2060924 - Console white-screens while using debug terminal 2060968 - Installation failing due to ironic-agent.service not starting properly 2060970 - Bump recommended FCOS to 35.20220213.3.0 2061002 - Conntrack entry is not removed for LoadBalancer IP 2061301 - Traffic Splitting Dialog is Confusing With Only One Revision 2061303 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum 2061304 - workload info gatherer - don't serialize empty images map 2061333 - White screen for Pipeline builder page 2061447 - [GSS] local pv's are in terminating state 2061496 - etcd RecentBackup=Unknown ControllerStarted contains no message string 2061527 - [IBMCloud] infrastructure asset missing CloudProviderType 2061544 - AzureStack is hard-coded to use Standard_LRS for the disk type 2061549 - AzureStack install with internal publishing does not create api DNS record 2061611 - [upstream] The marker of KubeBuilder doesn't work if it is close to the code 2061732 - Cinder CSI crashes when API is not available 2061755 - Missing breadcrumb on the resource creation page 2061833 - A single worker can be assigned to multiple baremetal hosts 2061891 - [IPI on IBMCLOUD] missing ?br-sao? region in openshift installer 2061916 - mixed ingress and egress policies can result in half-isolated pods 2061918 - Topology Sidepanel style is broken 2061919 - Egress Ip entry stays on node's primary NIC post deletion from hostsubnet 2062007 - MCC bootstrap command lacks template flag 2062126 - IPfailover pod is crashing during creation showing keepalived_script doesn't exist 2062151 - Add RBAC for 'infrastructures' to operator bundle 2062355 - kubernetes-nmstate resources and logs not included in must-gathers 2062459 - Ingress pods scheduled on the same node 2062524 - [Kamelet Sink] Topology crashes on click of Event sink node if the resource is created source to Uri over ref 2062558 - Egress IP with openshift sdn in not functional on worker node. 2062568 - CVO does not trigger new upgrade again after fail to update to unavailable payload 2062645 - configure-ovs: don't restart networking if not necessary 2062713 - Special Resource Operator(SRO) - No sro_used_nodes metric 2062849 - hw event proxy is not binding on ipv6 local address 2062920 - Project selector is too tall with only a few projects 2062998 - AWS GovCloud regions are recognized as the unknown regions 2063047 - Configuring a full-path query log file in CMO breaks Prometheus with the latest version of the operator 2063115 - ose-aws-efs-csi-driver has invalid dependency in go.mod 2063164 - metal-ipi-ovn-ipv6 Job Permafailing and Blocking OpenShift 4.11 Payloads: insights operator is not available 2063183 - DefragDialTimeout is set to low for large scale OpenShift Container Platform - Cluster 2063194 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster 2063321 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments 2063375 - ptp operator upgrade from 4.9 to 4.10 stuck at pending due to service account requirements not met 2063414 - on OKD 4.10, when image-registry is enabled, the /etc/hosts entry is missing on some nodes 2063699 - Builds - Builds - Logs: i18n misses. 2063708 - Builds - Builds - Logs: translation correction needed. 2063720 - Metallb EBGP neighbor stuck in active until adding ebgp-multihop (directly connected neighbors) 2063732 - Workloads - StatefulSets : I18n misses 2063747 - When building a bundle, the push command fails because is passes a redundant "IMG=" on the the CLI 2063753 - User Preferences - Language - Language selection : Page refresh rquired to change the UI into selected Language. 2063756 - User Preferences - Applications - Insecure traffic : i18n misses 2063795 - Remove go-ovirt-client go.mod replace directive 2063829 - During an IPI install with the 4.10.4 installer on vSphere, getting "Check": platform.vsphere.network: Invalid value: "VLAN_3912": unable to find network provided" 2063831 - etcd quorum pods landing on same node 2063897 - Community tasks not shown in pipeline builder page 2063905 - PrometheusOperatorWatchErrors alert may fire shortly in case of transient errors from the API server 2063938 - sing the hard coded rest-mapper in library-go 2063955 - cannot download operator catalogs due to missing images 2063957 - User Management - Users : While Impersonating user, UI is not switching into user's set language 2064024 - SNO OCP upgrade with DU workload stuck at waiting for kube-apiserver static pod 2064170 - [Azure] Missing punctuation in the installconfig.controlPlane.platform.azure.osDisk explain 2064239 - Virtualization Overview page turns into blank page 2064256 - The Knative traffic distribution doesn't update percentage in sidebar 2064553 - UI should prefer to use the virtio-win configmap than v2v-vmware configmap for windows creation 2064596 - Fix the hubUrl docs link in pipeline quicksearch modal 2064607 - Pipeline builder makes too many (100+) API calls upfront 2064613 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator 2064693 - [IPI][OSP] Openshift-install fails to find the shiftstack cloud defined in clouds.yaml in the current directory 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064705 - the alertmanagerconfig validation catches the wrong value for invalid field 2064744 - Errors trying to use the Debug Container feature 2064984 - Update error message for label limits 2065076 - Access monitoring Routes based on monitoring-shared-config creates wrong URL 2065160 - Possible leak of load balancer targets on AWS Machine API Provider 2065224 - Configuration for cloudFront in image-registry operator configuration is ignored & duration is corrupted 2065290 - CVE-2021-23648 sanitize-url: XSS 2065338 - VolumeSnapshot creation date sorting is broken 2065507 - oc adm upgrade should return ReleaseAccepted condition to show upgrade status. 2065510 - [AWS] failed to create cluster on ap-southeast-3 2065513 - Dev Perspective -> Project Dashboard shows Resource Quotas which are a bit misleading, and too many decimal places 2065547 - (release-4.11) Gather kube-controller-manager pod logs with garbage collector errors 2065552 - [AWS] Failed to install cluster on AWS ap-southeast-3 region due to image-registry panic error 2065577 - user with user-workload-monitoring-config-edit role can not create user-workload-monitoring-config configmap 2065597 - Cinder CSI is not configurable 2065682 - Remote write relabel config adds label __tmp_openshift_cluster_id to all metrics 2065689 - Internal Image registry with GCS backend does not redirect client 2065749 - Kubelet slowly leaking memory and pods eventually unable to start 2065785 - ip-reconciler job does not complete, halts node drain 2065804 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204 2065806 - stop considering Mint mode as supported on Azure 2065840 - the cronjob object is created with a wrong api version batch/v1beta1 when created via the openshift console 2065893 - [4.11] Bootimage bump tracker 2066009 - CVE-2021-44906 minimist: prototype pollution 2066232 - e2e-aws-workers-rhel8 is failing on ansible check 2066418 - [4.11] Update channels information link is taking to a 404 error page 2066444 - The "ingress" clusteroperator's relatedObjects field has kind names instead of resource names 2066457 - Prometheus CI failure: 503 Service Unavailable 2066463 - [IBMCloud] failed to list DNS zones: Exactly one of ApiKey or RefreshToken must be specified 2066605 - coredns template block matches cluster API to loose 2066615 - Downstream OSDK still use upstream image for Hybird type operator 2066619 - The GitCommit of the oc-mirror version is not correct 2066665 - [ibm-vpc-block] Unable to change default storage class 2066700 - [node-tuning-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles 2066754 - Cypress reports for core tests are not captured 2066782 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user 2066865 - Flaky test: In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (delayed binding)] topology should provision a volume and schedule a pod with AllowedTopologies 2066886 - openshift-apiserver pods never going NotReady 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066923 - No rule to make target 'docker-push' when building the SRO bundle 2066945 - SRO appends "arm64" instead of "aarch64" to the kernel name and it doesn't match the DTK 2067004 - CMO contains grafana image though grafana is removed 2067005 - Prometheus rule contains grafana though grafana is removed 2067062 - should update prometheus-operator resources version 2067064 - RoleBinding in Developer Console is dropping all subjects when editing 2067155 - Incorrect operator display name shown in pipelines quickstart in devconsole 2067180 - Missing i18n translations 2067298 - Console 4.10 operand form refresh 2067312 - PPT event source is lost when received by the consumer 2067384 - OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 2067456 - OCP 4.11 should be firing APIRemovedInNextEUSReleaseInUse and APIRemovedInNextReleaseInUse for APIs removed in 1.25 2067995 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2068115 - resource tab extension fails to show up 2068148 - [4.11] /etc/redhat-release symlink is broken 2068180 - OCP UPI on AWS with STS enabled is breaking the Ingress operator 2068181 - Event source powered with kamelet type source doesn't show associated deployment in resources tab 2068490 - OLM descriptors integration test failing 2068538 - Crashloop back-off popover visual spacing defects 2068601 - Potential etcd inconsistent revision and data occurs 2068613 - ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs 2068908 - Manual blog link change needed 2069068 - reconciling Prometheus Operator Deployment failed while upgrading from 4.7.46 to 4.8.35 2069075 - [Alibaba 4.11.0-0.nightly] cluster storage component in Progressing state 2069181 - Disabling community tasks is not working 2069198 - Flaky CI test in e2e/pipeline-ci 2069307 - oc mirror hangs when processing the Red Hat 4.10 catalog 2069312 - extend rest mappings with 'job' definition 2069457 - Ingress operator has superfluous finalizer deletion logic for LoadBalancer-type services 2069577 - ConsolePlugin example proxy authorize is wrong 2069612 - Special Resource Operator (SRO) - Crash when nodeSelector does not match any nodes 2069632 - Not able to download previous container logs from console 2069643 - ConfigMaps leftovers while uninstalling SpecialResource with configmap 2069654 - Creating VMs with YAML on Openshift Virtualization UI is missing labels flavor, os and workload 2069685 - UI crashes on load if a pinned resource model does not exist 2069705 - prometheus target "serviceMonitor/openshift-metallb-system/monitor-metallb-controller/0" has a failure with "server returned HTTP status 502 Bad Gateway" 2069740 - On-prem loadbalancer ports conflict with kube node port range 2069760 - In developer perspective divider does not show up in navigation 2069904 - Sync upstream 1.18.1 downstream 2069914 - Application Launcher groupings are not case-sensitive 2069997 - [4.11] should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2070000 - Add warning alerts for installing standalone k8s-nmstate 2070020 - InContext doesn't work for Event Sources 2070047 - Kuryr: Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured 2070160 - Copy-to-clipboard and

elements cause display issues for ACM dynamic plugins 2070172 - SRO uses the chart's name as Helm release, not the SpecialResource's 2070181 - [MAPO] serverGroupName ignored 2070457 - Image vulnerability Popover overflows from the visible area 2070674 - [GCP] Routes get timed out and nonresponsive after creating 2K service routes 2070703 - some ipv6 network policy tests consistently failing 2070720 - [UI] Filter reset doesn't work on Pods/Secrets/etc pages and complete list disappears 2070731 - details switch label is not clickable on add page 2070791 - [GCP]Image registry are crash on cluster with GCP workload identity enabled 2070792 - service "openshift-marketplace/marketplace-operator-metrics" is not annotated with capability 2070805 - ClusterVersion: could not download the update 2070854 - cv.status.capabilities.enabledCapabilities doesn?t show the day-2 enabled caps when there are errors on resources update 2070887 - Cv condition ImplicitlyEnabledCapabilities doesn?t complain about the disabled capabilities which is previously enabled 2070888 - Cannot bind driver vfio-pci when apply sriovnodenetworkpolicy with type vfio-pci 2070929 - OVN-Kubernetes: EgressIP breaks access from a pod with EgressIP to other host networked pods on different nodes 2071019 - rebase vsphere csi driver 2.5 2071021 - vsphere driver has snapshot support missing 2071033 - conditionally relabel volumes given annotation not working - SELinux context match is wrong 2071139 - Ingress pods scheduled on the same node 2071364 - All image building tests are broken with " error: build error: attempting to convert BUILD_LOGLEVEL env var value "" to integer: strconv.Atoi: parsing "": invalid syntax 2071578 - Monitoring navigation should not be shown if monitoring is not available (CRC) 2071599 - RoleBidings are not getting updated for ClusterRole in OpenShift Web Console 2071614 - Updating EgressNetworkPolicy rejecting with error UnsupportedMediaType 2071617 - remove Kubevirt extensions in favour of dynamic plugin 2071650 - ovn-k ovn_db_cluster metrics are not exposed for SNO 2071691 - OCP Console global PatternFly overrides adds padding to breadcrumbs 2071700 - v1 events show "Generated from" message without the source/reporting component 2071715 - Shows 404 on Environment nav in Developer console 2071719 - OCP Console global PatternFly overrides link button whitespace 2071747 - Link to documentation from the overview page goes to a missing link 2071761 - Translation Keys Are Not Namespaced 2071799 - Multus CNI should exit cleanly on CNI DEL when the API server is unavailable 2071859 - ovn-kube pods spec.dnsPolicy should be Default 2071914 - cloud-network-config-controller 4.10.5: Error building cloud provider client, err: %vfailed to initialize Azure environment: autorest/azure: There is no cloud environment matching the name "" 2071998 - Cluster-version operator should share details of signature verification when it fails in 'Force: true' updates 2072106 - cluster-ingress-operator tests do not build on go 1.18 2072134 - Routes are not accessible within cluster from hostnet pods 2072139 - vsphere driver has permissions to create/update PV objects 2072154 - Secondary Scheduler operator panics 2072171 - Test "[sig-network][Feature:EgressFirewall] EgressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]" fails 2072195 - machine api doesn't issue client cert when AWS DNS suffix missing 2072215 - Whereabouts ip-reconciler should be opt-in and not required 2072389 - CVO exits upgrade immediately rather than waiting for etcd backup 2072439 - openshift-cloud-network-config-controller reports wrong range of IP addresses for Azure worker nodes 2072455 - make bundle overwrites supported-nic-ids_v1_configmap.yaml 2072570 - The namespace titles for operator-install-single-namespace test keep changing 2072710 - Perfscale - pods time out waiting for OVS port binding (ovn-installed) 2072766 - Cluster Network Operator stuck in CrashLoopBackOff when scheduled to same master 2072780 - OVN kube-master does not clear NetworkUnavailableCondition on GCP BYOH Windows node 2072793 - Drop "Used Filesystem" from "Virtualization -> Overview" 2072805 - Observe > Dashboards: $__range variables cause PromQL query errors 2072807 - Observe > Dashboards: Missing panel.styles attribute for table panels causes JS error 2072842 - (release-4.11) Gather namespace names with overlapping UID ranges 2072883 - sometimes monitoring dashboards charts can not be loaded successfully 2072891 - Update gcp-pd-csi-driver to 1.5.1; 2072911 - panic observed in kubedescheduler operator 2072924 - periodic-ci-openshift-release-master-ci-4.11-e2e-azure-techpreview-serial 2072957 - ContainerCreateError loop leads to several thousand empty logfiles in the file system 2072998 - update aws-efs-csi-driver to the latest version 2072999 - Navigate from logs of selected Tekton task instead of last one 2073021 - [vsphere] Failed to update OS on master nodes 2073112 - Prometheus (uwm) externalLabels not showing always in alerts. 2073113 - Warning is logged to the console: W0407 Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. 2073176 - removing data in form does not remove data from yaml editor 2073197 - Error in Spoke/SNO agent: Source image rejected: A signature was required, but no signature exists 2073329 - Pipelines-plugin- Having different title for Pipeline Runs tab, on Pipeline Details page it's "PipelineRuns" and on Repository Details page it's "Pipeline Runs". 2073373 - Update azure-disk-csi-driver to 1.16.0 2073378 - failed egressIP assignment - cloud-network-config-controller does not delete failed cloudprivateipconfig 2073398 - machine-api-provider-openstack does not clean up OSP ports after failed server provisioning 2073436 - Update azure-file-csi-driver to v1.14.0 2073437 - Topology performance: Firehose/useK8sWatchResources cache can return unexpected data format if isList differs on multiple calls 2073452 - [sig-network] pods should successfully create sandboxes by other - failed (add) 2073473 - [OVN SCALE][ovn-northd] Unnecessary SB record no-op changes added to SB transaction. 2073522 - Update ibm-vpc-block-csi-driver to v4.2.0 2073525 - Update vpc-node-label-updater to v4.1.2 2073901 - Installation failed due to etcd operator Err:DefragControllerDegraded: failed to dial endpoint https://10.0.0.7:2379 with maintenance client: context canceled 2073937 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for UMW 2073938 - APIRemovedInNextEUSReleaseInUse alert for runtimeclasses 2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies 2073972 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for platform monitoring 2074009 - [OVN] ovn-northd doesn't clean Chassis_Private record after scale down to 0 a machineSet 2074031 - Admins should be able to tune garbage collector aggressiveness (GOGC) for kube-apiserver if necessary 2074062 - Node Tuning Operator(NTO) - Cloud provider profile rollback doesn't work well 2074084 - CMO metrics not visible in the OCP webconsole UI 2074100 - CRD filtering according to name broken 2074210 - asia-south2, australia-southeast2, and southamerica-west1Missing from GCP regions 2074237 - oc new-app --image-stream flag behavior is unclear 2074243 - DefaultPlacement API allow empty enum value and remove default 2074447 - cluster-dashboard: CPU Utilisation iowait and steal 2074465 - PipelineRun fails in import from Git flow if "main" branch is default 2074471 - Cannot delete namespace with a LB type svc and Kuryr when ExternalCloudProvider is enabled 2074475 - [e2e][automation] kubevirt plugin cypress tests fail 2074483 - coreos-installer doesnt work on Dell machines 2074544 - e2e-metal-ipi-ovn-ipv6 failing due to recent CEO changes 2074585 - MCG standalone deployment page goes blank when the KMS option is enabled 2074606 - occm does not have permissions to annotate SVC objects 2074612 - Operator fails to install due to service name lookup failure 2074613 - nodeip-configuration container incorrectly attempts to relabel /etc/systemd/system 2074635 - Unable to start Web Terminal after deleting existing instance 2074659 - AWS installconfig ValidateForProvisioning always provides blank values to validate zone records 2074706 - Custom EC2 endpoint is not considered by AWS EBS CSI driver 2074710 - Transition to go-ovirt-client 2074756 - Namespace column provide wrong data in ClusterRole Details -> Rolebindings tab 2074767 - Metrics page show incorrect values due to metrics level config 2074807 - NodeFilesystemSpaceFillingUp alert fires even before kubelet GC kicks in 2074902 - oc debug node/nodename ? chroot /host somecommand should exit with non-zero when the sub-command failed 2075015 - etcd-guard connection refused event repeating pathologically (payload blocking) 2075024 - Metal upgrades permafailing on metal3 containers crash looping 2075050 - oc-mirror fails to calculate between two channels with different prefixes for the same version of OCP 2075091 - Symptom Detection.Undiagnosed panic detected in pod 2075117 - Developer catalog: Order dropdown (A-Z, Z-A) is miss-aligned (in a separate row) 2075149 - Trigger Translations When Extensions Are Updated 2075189 - Imports from dynamic-plugin-sdk lead to failed module resolution errors 2075459 - Set up cluster on aws with rootvolumn io2 failed due to no iops despite it being configured 2075475 - OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn't work 2075478 - Bump documentationBaseURL to 4.11 2075491 - nmstate operator cannot be upgraded on SNO 2075575 - Local Dev Env - Prometheus 404 Call errors spam the console 2075584 - improve clarity of build failure messages when using csi shared resources but tech preview is not enabled 2075592 - Regression - Top of the web terminal drawer is missing a stroke/dropshadow 2075621 - Cluster upgrade.[sig-mco] Machine config pools complete upgrade 2075647 - 'oc adm upgrade ...' POSTs ClusterVersion, clobbering any unrecognized spec properties 2075671 - Cluster Ingress Operator K8S API cache contains duplicate objects 2075778 - Fix failing TestGetRegistrySamples test 2075873 - Bump recommended FCOS to 35.20220327.3.0 2076193 - oc patch command for the liveness probe and readiness probe parameters of an OpenShift router deployment doesn't take effect 2076270 - [OCPonRHV] MachineSet scale down operation fails to delete the worker VMs 2076277 - [RFE] [OCPonRHV] Add storage domain ID valueto Compute/ControlPlain section in the machine object 2076290 - PTP operator readme missing documentation on BC setup via PTP config 2076297 - Router process ignores shutdown signal while starting up 2076323 - OLM blocks all operator installs if an openshift-marketplace catalogsource is unavailable 2076355 - The KubeletConfigController wrongly process multiple confs for a pool after having kubeletconfig in bootstrap 2076393 - [VSphere] survey fails to list datacenters 2076521 - Nodes in the same zone are not updated in the right order 2076527 - Pipeline Builder: Make unnecessary tekton hub API calls when the user types 'too fast' 2076544 - Whitespace (padding) is missing after an PatternFly update, already in 4.10 2076553 - Project access view replace group ref with user ref when updating their Role 2076614 - Missing Events component from the SDK API 2076637 - Configure metrics for vsphere driver to be reported 2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters 2076793 - CVO exits upgrade immediately rather than waiting for etcd backup 2076831 - [ocp4.11]Mem/cpu high utilization by apiserver/etcd for cluster stayed 10 hours 2076877 - network operator tracker to switch to use flowcontrol.apiserver.k8s.io/v1beta2 instead v1beta1 to be deprecated in k8s 1.26 2076880 - OKD: add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it 2076975 - Metric unset during static route conversion in configure-ovs.sh 2076984 - TestConfigurableRouteNoConsumingUserNoRBAC fails in CI 2077050 - OCP should default to pd-ssd disk type on GCP 2077150 - Breadcrumbs on a few screens don't have correct top margin spacing 2077160 - Update owners for openshift/cluster-etcd-operator 2077357 - [release-4.11] 200ms packet delay with OVN controller turn on 2077373 - Accessibility warning on developer perspective 2077386 - Import page shows untranslated values for the route advanced routing>security options (devconsole~Edge) 2077457 - failure in test case "[sig-network][Feature:Router] The HAProxy router should serve the correct routes when running with the haproxy config manager" 2077497 - Rebase etcd to 3.5.3 or later 2077597 - machine-api-controller is not taking the proxy configuration when it needs to reach the RHV API 2077599 - OCP should alert users if they are on vsphere version <7.0.2 2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster 2077797 - LSO pods don't have any resource requests 2077851 - "make vendor" target is not working 2077943 - If there is a service with multiple ports, and the route uses 8080, when editing the 8080 port isn't replaced, but a random port gets replaced and 8080 still stays 2077994 - Publish RHEL CoreOS AMIs in AWS ap-southeast-3 region 2078013 - drop multipathd.socket workaround 2078375 - When using the wizard with template using data source the resulting vm use pvc source 2078396 - [OVN AWS] EgressIP was not balanced to another egress node after original node was removed egress label 2078431 - [OCPonRHV] - ERROR failed to instantiate provider "openshift/local/ovirt" to obtain schema: ERROR fork/exec 2078526 - Multicast breaks after master node reboot/sync 2078573 - SDN CNI -Fail to create nncp when vxlan is up 2078634 - CRI-O not killing Calico CNI stalled (zombie) processes. 2078698 - search box may not completely remove content 2078769 - Different not translated filter group names (incl. Secret, Pipeline, PIpelineRun) 2078778 - [4.11] oc get ValidatingWebhookConfiguration,MutatingWebhookConfiguration fails and caused ?apiserver panic'd...http2: panic serving xxx.xx.xxx.21:49748: cannot deep copy int? when AllRequestBodies audit-profile is used. 2078781 - PreflightValidation does not handle multiarch images 2078866 - [BM][IPI] Installation with bonds fail - DaemonSet "openshift-ovn-kubernetes/ovnkube-node" rollout is not making progress 2078875 - OpenShift Installer fail to remove Neutron ports 2078895 - [OCPonRHV]-"cow" unsupported value in format field in install-config.yaml 2078910 - CNO spitting out ".spec.groups[0].rules[4].runbook_url: field not declared in schema" 2078945 - Ensure only one apiserver-watcher process is active on a node. 2078954 - network-metrics-daemon makes costly global pod list calls scaling per node 2078969 - Avoid update races between old and new NTO operands during cluster upgrades 2079012 - egressIP not migrated to correct workers after deleting machineset it was assigned 2079062 - Test for console demo plugin toast notification needs to be increased for ci testing 2079197 - [RFE] alert when more than one default storage class is detected 2079216 - Partial cluster update reference doc link returns 404 2079292 - containers prometheus-operator/kube-rbac-proxy violate PodSecurity 2079315 - (release-4.11) Gather ODF config data with Insights 2079422 - Deprecated 1.25 API call 2079439 - OVN Pods Assigned Same IP Simultaneously 2079468 - Enhance the waitForIngressControllerCondition for better CI results 2079500 - okd-baremetal-install uses fcos for bootstrap but rhcos for cluster 2079610 - Opeatorhub status shows errors 2079663 - change default image features in RBD storageclass 2079673 - Add flags to disable migrated code 2079685 - Storageclass creation page with "Enable encryption" is not displaying saved KMS connection details when vaulttenantsa details are available in csi-kms-details config 2079724 - cluster-etcd-operator - disable defrag-controller as there is unpredictable impact on large OpenShift Container Platform 4 - Cluster 2079788 - Operator restarts while applying the acm-ice example 2079789 - cluster drops ImplicitlyEnabledCapabilities during upgrade 2079803 - Upgrade-triggered etcd backup will be skip during serial upgrade 2079805 - Secondary scheduler operator should comply to restricted pod security level 2079818 - Developer catalog installation overlay (modal?) shows a duplicated padding 2079837 - [RFE] Hub/Spoke example with daemonset 2079844 - EFS cluster csi driver status stuck in AWSEFSDriverCredentialsRequestControllerProgressing with sts installation 2079845 - The Event Sinks catalog page now has a blank space on the left 2079869 - Builds for multiple kernel versions should be ran in parallel when possible 2079913 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN endpointslices 2079961 - The search results accordion has no spacing between it and the side navigation bar. 2079965 - [rebase v1.24] [sig-node] PodOSRejection [NodeConformance] Kubelet should reject pod when the node OS doesn't match pod's OS [Suite:openshift/conformance/parallel] [Suite:k8s] 2080054 - TAGS arg for installer-artifacts images is not propagated to build images 2080153 - aws-load-balancer-operator-controller-manager pod stuck in ContainerCreating status 2080197 - etcd leader changes produce test churn during early stage of test 2080255 - EgressIP broken on AWS with OpenShiftSDN / latest nightly build 2080267 - [Fresh Installation] Openshift-machine-config-operator namespace is flooded with events related to clusterrole, clusterrolebinding 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080379 - Group all e2e tests as parallel or serial 2080387 - Visual connector not appear between the node if a node get created using "move connector" to a different application 2080416 - oc bash-completion problem 2080429 - CVO must ensure non-upgrade related changes are saved when desired payload fails to load 2080446 - Sync ironic images with latest bug fixes packages 2080679 - [rebase v1.24] [sig-cli] test failure 2080681 - [rebase v1.24] [sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel] 2080687 - [rebase v1.24] [sig-network][Feature:Router] tests are failing 2080873 - Topology graph crashes after update to 4.11 when Layout 2 (ColaForce) was selected previously 2080964 - Cluster operator special-resource-operator is always in Failing state with reason: "Reconciling simple-kmod" 2080976 - Avoid hooks config maps when hooks are empty 2081012 - [rebase v1.24] [sig-devex][Feature:OpenShiftControllerManager] TestAutomaticCreationOfPullSecrets [Suite:openshift/conformance/parallel] 2081018 - [rebase v1.24] [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available 2081021 - [rebase v1.24] [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources 2081062 - Unrevert RHCOS back to 8.6 2081067 - admin dev-console /settings/cluster should point out history may be excerpted 2081069 - [sig-network] pods should successfully create sandboxes by adding pod to network 2081081 - PreflightValidation "odd number of arguments passed as key-value pairs for logging" error 2081084 - [rebase v1.24] [sig-instrumentation] Events API should ensure that an event can be fetched, patched, deleted, and listed 2081087 - [rebase v1.24] [sig-auth] ServiceAccounts should allow opting out of API token automount 2081119 - oc explain output of default overlaySize is outdated 2081172 - MetallLB: YAML view in webconsole does not show all the available key value pairs of all the objects 2081201 - cloud-init User check for Windows VM refuses to accept capitalized usernames 2081447 - Ingress operator performs spurious updates in response to API's defaulting of router deployment's router container's ports' protocol field 2081562 - lifecycle.posStart hook does not have network connectivity. 2081685 - Typo in NNCE Conditions 2081743 - [e2e] tests failing 2081788 - MetalLB: the crds are not validated until metallb is deployed 2081821 - SpecialResourceModule CRD is not installed after deploying SRO operator using brew bundle image via OLM 2081895 - Use the managed resource (and not the manifest) for resource health checks 2081997 - disconnected insights operator remains degraded after editing pull secret 2082075 - Removing huge amount of ports takes a lot of time. 2082235 - CNO exposes a generic apiserver that apparently does nothing 2082283 - Transition to new oVirt Terraform provider 2082360 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni 2082380 - [4.10.z] customize wizard is crashed 2082403 - [LSO] No new build local-storage-operator-metadata-container created 2082428 - oc patch healthCheckInterval with invalid "5 s" to the ingress-controller successfully 2082441 - [UPI] aws-load-balancer-operator-controller-manager failed to get VPC ID in UPI on AWS 2082492 - [IPI IBM]Can't create image-registry-private-configuration secret with error "specified resource key credentials does not contain HMAC keys" 2082535 - [OCPonRHV]-workers are cloned when "clone: false" is specified in install-config.yaml 2082538 - apirequests limits of Cluster CAPI Operator are too low for GCP platform 2082566 - OCP dashboard fails to load when the query to Prometheus takes more than 30s to return 2082604 - [IBMCloud][x86_64] IBM VPC does not properly support RHCOS Custom Image tagging 2082667 - No new machines provisioned while machineset controller drained old nodes for change to machineset 2082687 - [IBM Cloud][x86_64][CCCMO] IBM x86_64 CCM using unsupported --port argument 2082763 - Cluster install stuck on the applying for operatorhub "cluster" 2083149 - "Update blocked" label incorrectly displays on new minor versions in the "Other available paths" modal 2083153 - Unable to use application credentials for Manila PVC creation on OpenStack 2083154 - Dynamic plugin sdk tsdoc generation does not render docs for parameters 2083219 - DPU network operator doesn't deal with c1... inteface names 2083237 - [vsphere-ipi] Machineset scale up process delay 2083299 - SRO does not fetch mirrored DTK images in disconnected clusters 2083445 - [FJ OCP4.11 Bug]: RAID setting during IPI cluster deployment fails if iRMC port number is specified 2083451 - Update external serivces URLs to console.redhat.com 2083459 - Make numvfs > totalvfs error message more verbose 2083466 - Failed to create clusters on AWS C2S/SC2S due to image-registry MissingEndpoint error 2083514 - Operator ignores managementState Removed 2083641 - OpenShift Console Knative Eventing ContainerSource generates wrong api version when pointed to k8s Service 2083756 - Linkify not upgradeable message on ClusterSettings page 2083770 - Release image signature manifest filename extension is yaml 2083919 - openshift4/ose-operator-registry:4.10.0 having security vulnerabilities 2083942 - Learner promotion can temporarily fail with rpc not supported for learner errors 2083964 - Sink resources dropdown is not persisted in form yaml switcher in event source creation form 2083999 - "--prune-over-size-limit" is not working as expected 2084079 - prometheus route is not updated to "path: /api" after upgrade from 4.10 to 4.11 2084081 - nmstate-operator installed cluster on POWER shows issues while adding new dhcp interface 2084124 - The Update cluster modal includes a broken link 2084215 - Resource configmap "openshift-machine-api/kube-rbac-proxy" is defined by 2 manifests 2084249 - panic in ovn pod from an e2e-aws-single-node-serial nightly run 2084280 - GCP API Checks Fail if non-required APIs are not enabled 2084288 - "alert/Watchdog must have no gaps or changes" failing after bump 2084292 - Access to dashboard resources is needed in dynamic plugin SDK 2084331 - Resource with multiple capabilities included unless all capabilities are disabled 2084433 - Podsecurity violation error getting logged for ingresscontroller during deployment. 2084438 - Change Ping source spec.jsonData (deprecated) field to spec.data 2084441 - [IPI-Azure]fail to check the vm capabilities in install cluster 2084459 - Topology list view crashes when switching from chart view after moving sink from knative service to uri 2084463 - 5 control plane replica tests fail on ephemeral volumes 2084539 - update azure arm templates to support customer provided vnet 2084545 - [rebase v1.24] cluster-api-operator causes all techpreview tests to fail 2084580 - [4.10] No cluster name sanity validation - cluster name with a dot (".") character 2084615 - Add to navigation option on search page is not properly aligned 2084635 - PipelineRun creation from the GUI for a Pipeline with 2 workspaces hardcode the PVC storageclass 2084732 - A special resource that was created in OCP 4.9 can't be deleted after an upgrade to 4.10 2085187 - installer-artifacts fails to build with go 1.18 2085326 - kube-state-metrics is tripping APIRemovedInNextEUSReleaseInUse 2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated 2085380 - [IPI-Azure] Incorrect error prompt validate VM image and instance HyperV gen match when install cluster 2085407 - There is no Edit link/icon for labels on Node details page 2085721 - customization controller image name is wrong 2086056 - Missing doc for OVS HW offload 2086086 - Update Cluster Sample Operator dependencies and libraries for OCP 4.11 2086092 - update kube to v.24 2086143 - CNO uses too much memory 2086198 - Cluster CAPI Operator creates unnecessary defaulting webhooks 2086301 - kubernetes nmstate pods are not running after creating instance 2086408 - Podsecurity violation error getting logged for externalDNS operand pods during deployment 2086417 - Pipeline created from add flow has GIT Revision as required field 2086437 - EgressQoS CRD not available 2086450 - aws-load-balancer-controller-cluster pod logged Podsecurity violation error during deployment 2086459 - oc adm inspect fails when one of resources not exist 2086461 - CNO probes MTU unnecessarily in Hypershift, making cluster startup take too long 2086465 - External identity providers should log login attempts in the audit trail 2086469 - No data about title 'API Request Duration by Verb - 99th Percentile' display on the dashboard 'API Performance' 2086483 - baremetal-runtimecfg k8s dependencies should be on a par with 1.24 rebase 2086505 - Update oauth-server images to be consistent with ART 2086519 - workloads must comply to restricted security policy 2086521 - Icons of Knative actions are not clearly visible on the context menu in the dark mode 2086542 - Cannot create service binding through drag and drop 2086544 - ovn-k master daemonset on hypershift shouldn't log token 2086546 - Service binding connector is not visible in the dark mode 2086718 - PowerVS destroy code does not work 2086728 - [hypershift] Move drain to controller 2086731 - Vertical pod autoscaler operator needs a 4.11 bump 2086734 - Update csi driver images to be consistent with ART 2086737 - cloud-provider-openstack rebase to kubernetes v1.24 2086754 - Cluster resource override operator needs a 4.11 bump 2086759 - [IPI] OCP-4.11 baremetal - boot partition is not mounted on temporary directory 2086791 - Azure: Validate UltraSSD instances in multi-zone regions 2086851 - pods with multiple external gateways may only be have ECMP routes for one gateway 2086936 - vsphere ipi should use cores by default instead of sockets 2086958 - flaky e2e in kube-controller-manager-operator TestPodDisruptionBudgetAtLimitAlert 2086959 - flaky e2e in kube-controller-manager-operator TestLogLevel 2086962 - oc-mirror publishes metadata with --dry-run when publishing to mirror 2086964 - oc-mirror fails on differential run when mirroring a package with multiple channels specified 2086972 - oc-mirror does not error invalid metadata is passed to the describe command 2086974 - oc-mirror does not work with headsonly for operator 4.8 2087024 - The oc-mirror result mapping.txt is not correct , can?t be used by oc image mirror command 2087026 - DTK's imagestream is missing from OCP 4.11 payload 2087037 - Cluster Autoscaler should use K8s 1.24 dependencies 2087039 - Machine API components should use K8s 1.24 dependencies 2087042 - Cloud providers components should use K8s 1.24 dependencies 2087084 - remove unintentional nic support 2087103 - "Updating to release image" from 'oc' should point out that the cluster-version operator hasn't accepted the update 2087114 - Add simple-procfs-kmod in modprobe example in README.md 2087213 - Spoke BMH stuck "inspecting" when deployed via ZTP in 4.11 OCP hub 2087271 - oc-mirror does not check for existing workspace when performing mirror2mirror synchronization 2087556 - Failed to render DPU ovnk manifests 2087579 - --keep-manifest-list=true does not work for oc adm release new , only pick up the linux/amd64 manifest from the manifest list 2087680 - [Descheduler] Sync with sigs.k8s.io/descheduler 2087684 - KCMO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile 2087685 - KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile 2087687 - MCO does not generate event when user applies Default -> LowUpdateSlowReaction WorkerLatencyProfile 2087764 - Rewrite the registry backend will hit error 2087771 - [tracker] NetworkManager 1.36.0 loses DHCP lease and doesn't try again 2087772 - Bindable badge causes some layout issues with the side panel of bindable operator backed services 2087942 - CNO references images that are divergent from ART 2087944 - KafkaSink Node visualized incorrectly 2087983 - remove etcd_perf before restore 2087993 - PreflightValidation many "msg":"TODO: preflight checks" in the operator log 2088130 - oc-mirror init does not allow for automated testing 2088161 - Match dockerfile image name with the name used in the release repo 2088248 - Create HANA VM does not use values from customized HANA templates 2088304 - ose-console: enable source containers for open source requirements 2088428 - clusteroperator/baremetal stays in progressing: Applying metal3 resources state on a fresh install 2088431 - AvoidBuggyIPs field of addresspool should be removed 2088483 - oc adm catalog mirror returns 0 even if there are errors 2088489 - Topology list does not allow selecting an application group anymore (again) 2088533 - CRDs for openshift.io should have subresource.status failes on sharedconfigmaps.sharedresource and sharedsecrets.sharedresource 2088535 - MetalLB: Enable debug log level for downstream CI 2088541 - Default CatalogSources in openshift-marketplace namespace keeps throwing pod security admission warnings would violate PodSecurity "restricted:v1.24" 2088561 - BMH unable to start inspection: File name too long 2088634 - oc-mirror does not fail when catalog is invalid 2088660 - Nutanix IPI installation inside container failed 2088663 - Better to change the default value of --max-per-registry to 6 2089163 - NMState CRD out of sync with code 2089191 - should remove grafana from cluster-monitoring-config configmap in hypershift cluster 2089224 - openshift-monitoring/cluster-monitoring-config configmap always revert to default setting 2089254 - CAPI operator: Rotate token secret if its older than 30 minutes 2089276 - origin tests for egressIP and azure fail 2089295 - [Nutanix]machine stuck in Deleting phase when delete a machineset whose replicas>=2 and machine is Provisioning phase on Nutanix 2089309 - [OCP 4.11] Ironic inspector image fails to clean disks that are part of a multipath setup if they are passive paths 2089334 - All cloud providers should use service account credentials 2089344 - Failed to deploy simple-kmod 2089350 - Rebase sdn to 1.24 2089387 - LSO not taking mpath. ignoring device 2089392 - 120 node baremetal upgrade from 4.9.29 --> 4.10.13 crashloops on machine-approver 2089396 - oc-mirror does not show pruned image plan 2089405 - New topology package shows gray build icons instead of green/red icons for builds and pipelines 2089419 - do not block 4.10 to 4.11 upgrades if an existing CSI driver is found. Instead, warn about presence of third party CSI driver 2089488 - Special resources are missing the managementState field 2089563 - Update Power VS MAPI to use api's from openshift/api repo 2089574 - UWM prometheus-operator pod can't start up due to no master node in hypershift cluster 2089675 - Could not move Serverless Service without Revision (or while starting?) 2089681 - [Hypershift] EgressIP doesn't work in hypershift guest cluster 2089682 - Installer expects all nutanix subnets to have a cluster reference which is not the case for e.g. overlay networks 2089687 - alert message of MCDDrainError needs to be updated for new drain controller 2089696 - CR reconciliation is stuck in daemonset lifecycle 2089716 - [4.11][reliability]one worker node became NotReady on which ovnkube-node pod's memory increased sharply 2089719 - acm-simple-kmod fails to build 2089720 - [Hypershift] ICSP doesn't work for the guest cluster 2089743 - acm-ice fails to deploy: helm chart does not appear to be a gzipped archive 2089773 - Pipeline status filter and status colors doesn't work correctly with non-english languages 2089775 - keepalived can keep ingress VIP on wrong node under certain circumstances 2089805 - Config duration metrics aren't exposed 2089827 - MetalLB CI - backward compatible tests are failing due to the order of delete 2089909 - PTP e2e testing not working on SNO cluster 2089918 - oc-mirror skip-missing still returns 404 errors when images do not exist 2089930 - Bump OVN to 22.06 2089933 - Pods do not post readiness status on termination 2089968 - Multus CNI daemonset should use hostPath mounts with type: directory 2089973 - bump libs to k8s 1.24 for OCP 4.11 2089996 - Unnecessary yarn install runs in e2e tests 2090017 - Enable source containers to meet open source requirements 2090049 - destroying GCP cluster which has a compute node without infra id in name would fail to delete 2 k8s firewall-rules and VPC network 2090092 - Will hit error if specify the channel not the latest 2090151 - [RHEL scale up] increase the wait time so that the node has enough time to get ready 2090178 - VM SSH command generated by UI points at api VIP 2090182 - [Nutanix]Create a machineset with invalid image, machine stuck in "Provisioning" phase 2090236 - Only reconcile annotations and status for clusters 2090266 - oc adm release extract is failing on mutli arch image 2090268 - [AWS EFS] Operator not getting installed successfully on Hypershift Guest cluster 2090336 - Multus logging should be disabled prior to release 2090343 - Multus debug logging should be enabled temporarily for debugging podsandbox creation failures. 2090358 - Initiating drain log message is displayed before the drain actually starts 2090359 - Nutanix mapi-controller: misleading error message when the failure is caused by wrong credentials 2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z] 2090430 - gofmt code 2090436 - It takes 30min-60min to update the machine count in custom MachineConfigPools (MCPs) when a node is removed from the pool 2090437 - Bump CNO to k8s 1.24 2090465 - golang version mismatch 2090487 - Change default SNO Networking Type and disallow OpenShiftSDN a supported networking Type 2090537 - failure in ovndb migration when db is not ready in HA mode 2090549 - dpu-network-operator shall be able to run on amd64 arch platform 2090621 - Metal3 plugin does not work properly with updated NodeMaintenance CRD 2090627 - Git commit and branch are empty in MetalLB log 2090692 - Bump to latest 1.24 k8s release 2090730 - must-gather should include multus logs. 2090731 - nmstate deploys two instances of webhook on a single-node cluster 2090751 - oc image mirror skip-missing flag does not skip images 2090755 - MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers 2090774 - Add Readme to plugin directory 2090794 - MachineConfigPool cannot apply a configuration after fixing the pods that caused a drain alert 2090809 - gm.ClockClass invalid syntax parse error in linux ptp daemon logs 2090816 - OCP 4.8 Baremetal IPI installation failure: "Bootstrap failed to complete: timed out waiting for the condition" 2090819 - oc-mirror does not catch invalid registry input when a namespace is specified 2090827 - Rebase CoreDNS to 1.9.2 and k8s 1.24 2090829 - Bump OpenShift router to k8s 1.24 2090838 - Flaky test: ignore flapping host interface 'tunbr' 2090843 - addLogicalPort() performance/scale optimizations 2090895 - Dynamic plugin nav extension "startsWith" property does not work 2090929 - [etcd] cluster-backup.sh script has a conflict to use the '/etc/kubernetes/static-pod-certs' folder if a custom API certificate is defined 2090993 - [AI Day2] Worker node overview page crashes in Openshift console with TypeError 2091029 - Cancel rollout action only appears when rollout is completed 2091030 - Some BM may fail booting with default bootMode strategy 2091033 - [Descheduler]: provide ability to override included/excluded namespaces 2091087 - ODC Helm backend Owners file needs updates 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091167 - IPsec runtime enabling not work in hypershift 2091218 - Update Dev Console Helm backend to use helm 3.9.0 2091433 - Update AWS instance types 2091542 - Error Loading/404 not found page shown after clicking "Current namespace only" 2091547 - Internet connection test with proxy permanently fails 2091567 - oVirt CSI driver should use latest go-ovirt-client 2091595 - Alertmanager configuration can't use OpsGenie's entity field when AlertmanagerConfig is enabled 2091599 - PTP Dual Nic | Extend Events 4.11 - Up/Down master interface affects all the other interface in the same NIC accoording the events and metric 2091603 - WebSocket connection restarts when switching tabs in WebTerminal 2091613 - simple-kmod fails to build due to missing KVC 2091634 - OVS 2.15 stops handling traffic once ovs-dpctl(2.17.2) is used against it 2091730 - MCO e2e tests are failing with "No token found in openshift-monitoring secrets" 2091746 - "Oh no! Something went wrong" shown after user creates MCP without 'spec' 2091770 - CVO gets stuck downloading an upgrade, with the version pod complaining about invalid options 2091854 - clusteroperator status filter doesn't match all values in Status column 2091901 - Log stream paused right after updating log lines in Web Console in OCP4.10 2091902 - unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server has received too many requests and has asked us to try again later 2091990 - wrong external-ids for ovn-controller lflow-cache-limit-kb 2092003 - PR 3162 | BZ 2084450 - invalid URL schema for AWS causes tests to perma fail and break the cloud-network-config-controller 2092041 - Bump cluster-dns-operator to k8s 1.24 2092042 - Bump cluster-ingress-operator to k8s 1.24 2092047 - Kube 1.24 rebase for cloud-network-config-controller 2092137 - Search doesn't show all entries when name filter is cleared 2092296 - Change Default MachineCIDR of Power VS Platform from 10.x to 192.168.0.0/16 2092390 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown 2092395 - etcdHighNumberOfFailedGRPCRequests alerts with wrong results 2092408 - Wrong icon is used in the virtualization overview permissions card 2092414 - In virtualization overview "running vm per templates" template list can be improved 2092442 - Minimum time between drain retries is not the expected one 2092464 - marketplace catalog defaults to v4.10 2092473 - libovsdb performance backports 2092495 - ovn: use up to 4 northd threads in non-SNO clusters 2092502 - [azure-file-csi-driver] Stop shipping a NFS StorageClass 2092509 - Invalid memory address error if non existing caBundle is configured in DNS-over-TLS using ForwardPlugins 2092572 - acm-simple-kmod chart should create the namespace on the spoke cluster 2092579 - Don't retry pod deletion if objects are not existing 2092650 - [BM IPI with Provisioning Network] Worker nodes are not provisioned: ironic-agent is stuck before writing into disks 2092703 - Incorrect mount propagation information in container status 2092815 - can't delete the unwanted image from registry by oc-mirror 2092851 - [Descheduler]: allow to customize the LowNodeUtilization strategy thresholds 2092867 - make repository name unique in acm-ice/acm-simple-kmod examples 2092880 - etcdHighNumberOfLeaderChanges returns incorrect number of leadership changes 2092887 - oc-mirror list releases command uses filter-options flag instead of filter-by-os 2092889 - Incorrect updating of EgressACLs using direction "from-lport" 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 2092937 - WebScale: OVN-k8s forwarding to external-gw over the secondary interfaces failing 2092966 - [OCP 4.11] [azure] /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 2093044 - Azure machine-api-provider-azure Availability Set Name Length Limit 2093047 - Dynamic Plugins: Generated API markdown duplicates checkAccess and useAccessReview doc 2093126 - [4.11] Bootimage bump tracker 2093236 - DNS operator stopped reconciling after 4.10 to 4.11 upgrade | 4.11 nightly to 4.11 nightly upgrade 2093288 - Default catalogs fails liveness/readiness probes 2093357 - Upgrading sno spoke with acm-ice, causes the sno to get unreachable 2093368 - Installer orphans FIPs created for LoadBalancer Services on cluster destroy 2093396 - Remove node-tainting for too-small MTU 2093445 - ManagementState reconciliation breaks SR 2093454 - Router proxy protocol doesn't work with dual-stack (IPv4 and IPv6) clusters 2093462 - Ingress Operator isn't reconciling the ingress cluster operator object 2093586 - Topology: Ctrl+space opens the quick search modal, but doesn't close it again 2093593 - Import from Devfile shows configuration options that shoudn't be there 2093597 - Import: Advanced option sentence is splited into two parts and headlines has no padding 2093600 - Project access tab should apply new permissions before it delete old ones 2093601 - Project access page doesn't allow the user to update the settings twice (without manually reload the content) 2093783 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.24 2093797 - 'oc registry login' with serviceaccount function need update 2093819 - An etcd member for a new machine was never added to the cluster 2093930 - Gather console helm install totals metric 2093957 - Oc-mirror write dup metadata to registry backend 2093986 - Podsecurity violation error getting logged for pod-identity-webhook 2093992 - Cluster version operator acknowledges upgrade failing on periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-upgrade-ovn-ipv6 2094023 - Add Git Flow - Template Labels for Deployment show as DeploymentConfig 2094024 - bump oauth-apiserver deps to include 1.23.1 k8s that fixes etcd blips 2094039 - egressIP panics with nil pointer dereference 2094055 - Bump coreos-installer for s390x Secure Execution 2094071 - No runbook created for SouthboundStale alert 2094088 - Columns in NBDB may never be updated by OVNK 2094104 - Demo dynamic plugin image tests should be skipped when testing console-operator 2094152 - Alerts in the virtualization overview status card aren't filtered 2094196 - Add default and validating webhooks for Power VS MAPI 2094227 - Topology: Create Service Binding should not be the last option (even under delete) 2094239 - custom pool Nodes with 0 nodes are always populated in progress bar 2094303 - If og is configured with sa, operator installation will be failed. 2094335 - [Nutanix] - debug logs are enabled by default in machine-controller 2094342 - apirequests limits of Cluster CAPI Operator are too low for Azure platform 2094438 - Make AWS URL parsing more lenient for GetNodeEgressIPConfiguration 2094525 - Allow automatic upgrades for efs operator 2094532 - ovn-windows CI jobs are broken 2094675 - PTP Dual Nic | Extend Events 4.11 - when kill the phc2sys We have notification for the ptp4l physical master moved to free run 2094694 - [Nutanix] No cluster name sanity validation - cluster name with a dot (".") character 2094704 - Verbose log activated on kube-rbac-proxy in deployment prometheus-k8s 2094801 - Kuryr controller keep restarting when handling IPs with leading zeros 2094806 - Machine API oVrit component should use K8s 1.24 dependencies 2094816 - Kuryr controller restarts when over quota 2094833 - Repository overview page does not show default PipelineRun template for developer user 2094857 - CloudShellTerminal loops indefinitely if DevWorkspace CR goes into failed state 2094864 - Rebase CAPG to latest changes 2094866 - oc-mirror does not always delete all manifests associated with an image during pruning 2094896 - Run 'openshift-install agent create image' has segfault exception if cluster-manifests directory missing 2094902 - Fix installer cross-compiling 2094932 - MGMT-10403 Ingress should enable single-node cluster expansion on upgraded clusters 2095049 - managed-csi StorageClass does not create PVs 2095071 - Backend tests fails after devfile registry update 2095083 - Observe > Dashboards: Graphs may change a lot on automatic refresh 2095110 - [ovn] northd container termination script must use bash 2095113 - [ovnkube] bump to openvswitch2.17-2.17.0-22.el8fdp 2095226 - Added changes to verify cloud connection and dhcpservices quota of a powervs instance 2095229 - ingress-operator pod in CrashLoopBackOff in 4.11 after upgrade starting in 4.6 due to go panic 2095231 - Kafka Sink sidebar in topology is empty 2095247 - Event sink form doesn't show channel as sink until app is refreshed 2095248 - [vSphere-CSI-Driver] does not report volume count limits correctly caused pod with multi volumes maybe schedule to not satisfied volume count node 2095256 - Samples Owner needs to be Updated 2095264 - ovs-configuration.service fails with Error: Failed to modify connection 'ovs-if-br-ex': failed to update connection: error writing to file '/etc/NetworkManager/systemConnectionsMerged/ovs-if-br-ex.nmconnection' 2095362 - oVirt CSI driver operator should use latest go-ovirt-client 2095574 - e2e-agnostic CI job fails 2095687 - Debug Container shown for build logs and on click ui breaks 2095703 - machinedeletionhooks doesn't work in vsphere cluster and BM cluster 2095716 - New PSA component for Pod Security Standards enforcement is refusing openshift-operators ns 2095756 - CNO panics with concurrent map read/write 2095772 - Memory requests for ovnkube-master containers are over-sized 2095917 - Nutanix set osDisk with diskSizeGB rather than diskSizeMiB 2095941 - DNS Traffic not kept local to zone or node when Calico SDN utilized 2096053 - Builder Image icons in Git Import flow are hard to see in Dark mode 2096226 - crio fails to bind to tentative IP, causing service failure since RHOCS was rebased on RHEL 8.6 2096315 - NodeClockNotSynchronising alert's severity should be critical 2096350 - Web console doesn't display webhook errors for upgrades 2096352 - Collect whole journal in gather 2096380 - acm-simple-kmod references deprecated KVC example 2096392 - Topology node icons are not properly visible in Dark mode 2096394 - Add page Card items background color does not match with column background color in Dark mode 2096413 - br-ex not created due to default bond interface having a different mac address than expected 2096496 - FIPS issue on OCP SNO with RT Kernel via performance profile 2096605 - [vsphere] no validation checking for diskType 2096691 - [Alibaba 4.11] Specifying ResourceGroup id in install-config.yaml, New pv are still getting created to default ResourceGroups 2096855 - oc adm release new failed with error when use an existing multi-arch release image as input 2096905 - Openshift installer should not use the prism client embedded in nutanix terraform provider 2096908 - Dark theme issue in pipeline builder, Helm rollback form, and Git import 2097000 - KafkaConnections disappear from Topology after creating KafkaSink in Topology 2097043 - No clean way to specify operand issues to KEDA OLM operator 2097047 - MetalLB: matchExpressions used in CR like L2Advertisement, BGPAdvertisement, BGPPeers allow duplicate entries 2097067 - ClusterVersion history pruner does not always retain initial completed update entry 2097153 - poor performance on API call to vCenter ListTags with thousands of tags 2097186 - PSa autolabeling in 4.11 env upgraded from 4.10 does not work due to missing RBAC objects 2097239 - Change Lower CPU limits for Power VS cloud 2097246 - Kuryr: verify and unit jobs failing due to upstream OpenStack dropping py36 support 2097260 - openshift-install create manifests failed for Power VS platform 2097276 - MetalLB CI deploys the operator via manifests and not using the csv 2097282 - chore: update external-provisioner to the latest upstream release 2097283 - chore: update external-snapshotter to the latest upstream release 2097284 - chore: update external-attacher to the latest upstream release 2097286 - chore: update node-driver-registrar to the latest upstream release 2097334 - oc plugin help shows 'kubectl' 2097346 - Monitoring must-gather doesn't seem to be working anymore in 4.11 2097400 - Shared Resource CSI Driver needs additional permissions for validation webhook 2097454 - Placeholder bug for OCP 4.11.0 metadata release 2097503 - chore: rebase against latest external-resizer 2097555 - IngressControllersNotUpgradeable: load balancer service has been modified; changes must be reverted before upgrading 2097607 - Add Power VS support to Webhooks tests in actuator e2e test 2097685 - Ironic-agent can't restart because of existing container 2097716 - settings under httpConfig is dropped with AlertmanagerConfig v1beta1 2097810 - Required Network tools missing for Testing e2e PTP 2097832 - clean up unused IPv6DualStackNoUpgrade feature gate 2097940 - openshift-install destroy cluster traps if vpcRegion not specified 2097954 - 4.11 installation failed at monitoring and network clusteroperators with error "conmon: option parsing failed: Unknown option --log-global-size-max" making all jobs failing 2098172 - oc-mirror does not validatethe registry in the storage config 2098175 - invalid license in python-dataclasses-0.8-2.el8 spec 2098177 - python-pint-0.10.1-2.el8 has unused Patch0 in spec file 2098242 - typo in SRO specialresourcemodule 2098243 - Add error check to Platform create for Power VS 2098392 - [OCP 4.11] Ironic cannot match "wwn" rootDeviceHint for a multipath device 2098508 - Control-plane-machine-set-operator report panic 2098610 - No need to check the push permission with ?manifests-only option 2099293 - oVirt cluster API provider should use latest go-ovirt-client 2099330 - Edit application grouping is shown to user with view only access in a cluster 2099340 - CAPI e2e tests for AWS are missing 2099357 - ovn-kubernetes needs explicit RBAC coordination leases for 1.24 bump 2099358 - Dark mode+Topology update: Unexpected selected+hover border and background colors for app groups 2099528 - Layout issue: No spacing in delete modals 2099561 - Prometheus returns HTTP 500 error on /favicon.ico 2099582 - Format and update Repository overview content 2099611 - Failures on etcd-operator watch channels 2099637 - Should print error when use --keep-manifest-list\xfalse for manifestlist image 2099654 - Topology performance: Endless rerender loop when showing a Http EventSink (KameletBinding) 2099668 - KubeControllerManager should degrade when GC stops working 2099695 - Update CAPG after rebase 2099751 - specialresourcemodule stacktrace while looping over build status 2099755 - EgressIP node's mgmtIP reachability configuration option 2099763 - Update icons for event sources and sinks in topology, Add page, and context menu 2099811 - UDP Packet loss in OpenShift using IPv6 [upcall] 2099821 - exporting a pointer for the loop variable 2099875 - The speaker won't start if there's another component on the host listening on 8080 2099899 - oc-mirror looks for layers in the wrong repository when searching for release images during publishing 2099928 - [FJ OCP4.11 Bug]: Add unit tests to image_customization_test file 2099968 - [Azure-File-CSI] failed to provisioning volume in ARO cluster 2100001 - Sync upstream v1.22.0 downstream 2100007 - Run bundle-upgrade failed from the traditional File-Based Catalog installed operator 2100033 - OCP 4.11 IPI - Some csr remain "Pending" post deployment 2100038 - failure to update special-resource-lifecycle table during update Event 2100079 - SDN needs explicit RBAC coordination leases for 1.24 bump 2100138 - release info --bugs has no differentiator between Jira and Bugzilla 2100155 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation 2100159 - Dark theme: Build icon for pending status is not inverted in topology sidebar 2100323 - Sqlit-based catsrc cannot be ready due to "Error: open ./db-xxxx: permission denied" 2100347 - KASO retains old config values when switching from Medium/Default to empty worker latency profile 2100356 - Remove Condition tab and create option from console as it is deprecated in OSP-1.8 2100439 - [gce-pd] GCE PD in-tree storage plugin tests not running 2100496 - [OCPonRHV]-oVirt API returns affinity groups without a description field 2100507 - Remove redundant log lines from obj_retry.go 2100536 - Update API to allow EgressIP node reachability check 2100601 - Update CNO to allow EgressIP node reachability check 2100643 - [Migration] [GCP]OVN can not rollback to SDN 2100644 - openshift-ansible FTBFS on RHEL8 2100669 - Telemetry should not log the full path if it contains a username 2100749 - [OCP 4.11] multipath support needs multipath modules 2100825 - Update machine-api-powervs go modules to latest version 2100841 - tiny openshift-install usability fix for setting KUBECONFIG 2101460 - An etcd member for a new machine was never added to the cluster 2101498 - Revert Bug 2082599: add upper bound to number of failed attempts 2102086 - The base image is still 4.10 for operator-sdk 1.22 2102302 - Dummy bug for 4.10 backports 2102362 - Valid regions should be allowed in GCP install config 2102500 - Kubernetes NMState pods can not evict due to PDB on an SNO cluster 2102639 - Drain happens before other image-registry pod is ready to service requests, causing disruption 2102782 - topolvm-controller get into CrashLoopBackOff few minutes after install 2102834 - [cloud-credential-operator]container has runAsNonRoot and image will run as root 2102947 - [VPA] recommender is logging errors for pods with init containers 2103053 - [4.11] Backport Prow CI improvements from master 2103075 - Listing secrets in all namespaces with a specific labelSelector does not work properly 2103080 - br-ex not created due to default bond interface having a different mac address than expected 2103177 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces 2103728 - Carry HAProxy patch 'BUG/MEDIUM: h2: match absolute-path not path-absolute for :path' 2103749 - MachineConfigPool is not getting updated 2104282 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec 2104432 - [dpu-network-operator] Updating images to be consistent with ART 2104552 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack 2104561 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r--r--/420/0644; received: ----------/0/0 2104589 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce 2104701 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes 2104717 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory address or nil pointer dereference" 2104727 - Bootstrap node should honor http proxy 2104906 - Uninstall fails with Observed a panic: runtime.boundsError 2104951 - Web console doesn't display webhook errors for upgrades 2104991 - Completed pods may not be correctly cleaned up 2105101 - NodeIP is used instead of EgressIP if egressPod is recreated within 60 seconds 2105106 - co/node-tuning: Waiting for 15/72 Profiles to be applied 2105146 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history 2105167 - BuildConfig throws error when using a label with a / in it 2105334 - vmware-vsphere-csi-driver-controller can't use host port error on e2e-vsphere-serial 2105382 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator 2105468 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. 2105937 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18 2106051 - Unable to deploy acm-ice using latest SRO 4.11 build 2106058 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers [4.11.0] 2106062 - [4.11] Bootimage bump tracker 2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as "0abc" 2106163 - Samples ImageStreams vs. registry.redhat.io: unsupported: V2 schema 1 manifest digests are no longer supported for image pulls 2106313 - bond-cni: backport bond-cni GA items to 4.11 2106543 - Typo in must-gather release-4.10 2106594 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI 2106723 - [4.11] Upgrade from 4.11.0-rc0 -> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device 2106855 - [4.11.z] externalTrafficPolicy=Local is not working in local gateway mode if ovnkube-node is restarted 2107493 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing 2107501 - metallb greenwave tests failure 2107690 - Driver Container builds fail with "error determining starting point for build: no FROM statement found" 2108175 - etcd backup seems to not be triggered in 4.10.18-->4.10.20 upgrade 2108617 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference 2108686 - rpm-ostreed: start limit hit easily 2110505 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate 2110715 - openshift-controller-manager(-operator) namespace should clear run-level annotations 2111055 - dummy bug for 4.10.z bz2110938

References:

https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-19131 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3672 https://access.redhat.com/security/cve/CVE-2021-3695 https://access.redhat.com/security/cve/CVE-2021-3696 https://access.redhat.com/security/cve/CVE-2021-3697 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4156 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-23648 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38593 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44225 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1215 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/cve/CVE-2022-26945 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/cve/CVE-2022-28734 https://access.redhat.com/security/cve/CVE-2022-28735 https://access.redhat.com/security/cve/CVE-2022-28736 https://access.redhat.com/security/cve/CVE-2022-28737 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/cve/CVE-2022-29810 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30321 https://access.redhat.com/security/cve/CVE-2022-30322 https://access.redhat.com/security/cve/CVE-2022-30323 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYvOfk9zjgjWX9erEAQhJ/w//UlbBGKBBFBAyfEmQf9Zu0yyv6MfZW0Zl iO1qXVIl9UQUFjTY5ejerx7cP8EBWLhKaiiqRRjbjtj+w+ENGB4LLj6TEUrSM5oA YEmhnX3M+GUKF7Px61J7rZfltIOGhYBvJ+qNZL2jvqz1NciVgI4/71cZWnvDbGpa 02w3Dn0JzhTSR9znNs9LKcV/anttJ3NtOYhqMXnN8EpKdtzQkKRazc7xkOTxfxyl jRiER2Z0TzKDE6dMoVijS2Sv5j/JF0LRwetkZl6+oh8ehKh5GRV3lPg3eVkhzDEo /gp0P9GdLMHi6cS6uqcREbod//waSAa7cssgULoycFwjzbDK3L2c+wMuWQIgXJca RYuP6wvrdGwiI1mgUi/226EzcZYeTeoKxnHkp7AsN9l96pJYafj0fnK1p9NM/8g3 jBE/W4K8jdDNVd5l1Z5O0Nyxk6g4P8MKMe10/w/HDXFPSgufiCYIGX4TKqb+ESIR SuYlSMjoGsB4mv1KMDEUJX6d8T05lpEwJT0RYNdZOouuObYMtcHLpRQHH9mkj86W pHdma5aGG/mTMvSMW6l6L05uT41Azm6fVimTv+E5WvViBni2480CVH+9RexKKSyL XcJX1gaLdo+72I/gZrtT+XE5tcJ3Sf5fmfsenQeY4KFum/cwzbM6y7RGn47xlEWB xBWKPzRxz0Q=9r0B -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

JIRA issues fixed (https://issues.jboss.org/):

LOG-2536 - Setting up ODF S3 for loki LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator LOG-2762 - [release-5.4]Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http' LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards. LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

cups: authorization bypass when using "local" authorization (CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

aarch64: cups-2.2.6-33.el8_2.1.aarch64.rpm cups-client-2.2.6-33.el8_2.1.aarch64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm cups-devel-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm

noarch: cups-filesystem-2.2.6-33.el8_2.1.noarch.rpm

ppc64le: cups-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm cups-devel-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm

s390x: cups-2.2.6-33.el8_2.1.s390x.rpm cups-client-2.2.6-33.el8_2.1.s390x.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm cups-devel-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm

x86_64: cups-2.2.6-33.el8_2.1.x86_64.rpm cups-client-2.2.6-33.el8_2.1.x86_64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debugsource-2.2.6-33.el8_2.1.i686.rpm cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm cups-devel-2.2.6-33.el8_2.1.i686.rpm cups-devel-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Summary:

The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Description:

2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console 2040693 - ?Replication repository? wizard has no validation for name length 2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com? 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace 2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field. 2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade 2061335 - [MTC UI] ?Update cluster? button is not getting disabled 2062266 - MTC UI does not display logs properly [OADP-BL] 2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend 2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2076593 - Velero pod log missing from UI drop down 2076599 - Velero pod log missing from downloaded logs folder [OADP-BL] 2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan 2079252 - [MTC] Rsync options logs not visible in log-reader pod 2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI] 2082225 - non-numeric user when launching stage pods [OADP-BL] 2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments 2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods 2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels 2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL] 2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts 2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL] 2096939 - Fix legacy operator.yml inconsistencies and errors 2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.5"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "cups",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "499.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "cups",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openprinting",
        "version": "2.4.2"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "cups",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "cups",
        "scope": null,
        "trust": 0.8,
        "vendor": "openprinting",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167510"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167845"
      },
      {
        "db": "PACKETSTORM",
        "id": "167501"
      },
      {
        "db": "PACKETSTORM",
        "id": "167512"
      },
      {
        "db": "PACKETSTORM",
        "id": "167514"
      },
      {
        "db": "PACKETSTORM",
        "id": "167679"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-26691",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-26691",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-417360",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2022-26691",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-26691",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-26691",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-26691",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-4149",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-417360",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-26691",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This security vulnerability occurs when local authorization happens. This flaw allows an malicious user to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution. (CVE-2022-26691). \n\nBug Fix(es):\n\n* 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)\n\n4. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig\nOADP-154 - Ensure support for backing up resources based on different label selectors\nOADP-194 - Remove the registry dependency from OADP\nOADP-199 - Enable support for restore of existing resources\nOADP-224 - Restore silently ignore resources if they exist - restore log not updated\nOADP-225 - Restore doesn\u0027t update velero.io/backup-name when a resource is updated\nOADP-234 - Implementation of incremental restore\nOADP-324 - Add label to Expired backups failing garbage collection\nOADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases\nOADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it\u0027s unable to find the zone\nOADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete\nOADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot\nOADP-528 - The volumesnapshotcontent is not removed for the synced backup\nOADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10\nOADP-538 - typo on noDefaultBackupLocation error on DPA CR\nOADP-552 - Validate OADP with 4.11 and Pod Security Admissions\nOADP-558 - Empty Failed Backup CRs can\u0027t be removed\nOADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version\nOADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly\nOADP-592 - OADP must-gather add support for insecure tls\nOADP-597 - BSL validation logs\nOADP-598 - Data mover performance on backup blocks backup process\nOADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl\nOADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled\nOADP-602 - Support GCP for openshift-velero-plugin registry\nOADP-605 - [OCP 4.11] CSI restore fails with admission webhook \\\"volumesnapshotclasses.snapshot.storage.k8s.io\\\" denied\nOADP-607 - DataMover: VSB is stuck on SnapshotBackupDone\nOADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace\nOADP-613 - DataMover: upstream documentation refers wrong CRs\nOADP-637 - Restic backup fails with CA certificate\nOADP-643 - [Data Mover] VSB and VSR names are not unique\nOADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable\nOADP-648 - Remove default limits for velero and restic pods\nOADP-652 - Data mover VolSync pod errors with Noobaa\nOADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace\nOADP-660 - Data mover restic secret does not support Azure\nOADP-698 - DataMover: volume-snapshot-mover pod points to upstream image\nOADP-715 - Restic restore fails: restic-wait container continuously fails with \"Not found: /restores/\u003cpod-volume\u003e/.velero/\u003crestore-UID\u003e\"\nOADP-716 - Incremental restore: second restore of a namespace partially fails\nOADP-736 - Data mover VSB always fails with volsync 0.5\n\n6. ==========================================================================\nUbuntu Security Notice USN-5454-2\nMay 31, 2022\n\ncups vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in CUPS. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Joshua Mason discovered that CUPS incorrectly handled the secret key used\n to access the administrative web interface. A remote attacker could\n possibly use this issue to open a session as an administrator and execute\n arbitrary code. (CVE-2022-26691)\n\n It was discovered that CUPS incorrectly handled certain memory operations\n when handling IPP printing. A remote attacker could possibly use this issue\n to cause CUPS to crash, leading to a denial of service, or obtain sensitive\n information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04\n LTS.  (CVE-2019-8842, CVE-2020-10001)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  cups                            2.1.3-4ubuntu0.11+esm1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 4.11.0 bug fix and security update\nAdvisory ID:       RHSA-2022:5069-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5069\nIssue date:        2022-08-10\nCVE Names:         CVE-2018-25009 CVE-2018-25010 CVE-2018-25012\n                   CVE-2018-25013 CVE-2018-25014 CVE-2018-25032\n                   CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n                   CVE-2019-19603 CVE-2019-20838 CVE-2020-13435\n                   CVE-2020-14155 CVE-2020-17541 CVE-2020-19131\n                   CVE-2020-24370 CVE-2020-28493 CVE-2020-35492\n                   CVE-2020-36330 CVE-2020-36331 CVE-2020-36332\n                   CVE-2021-3481 CVE-2021-3580 CVE-2021-3634\n                   CVE-2021-3672 CVE-2021-3695 CVE-2021-3696\n                   CVE-2021-3697 CVE-2021-3737 CVE-2021-4115\n                   CVE-2021-4156 CVE-2021-4189 CVE-2021-20095\n                   CVE-2021-20231 CVE-2021-20232 CVE-2021-23177\n                   CVE-2021-23566 CVE-2021-23648 CVE-2021-25219\n                   CVE-2021-31535 CVE-2021-31566 CVE-2021-36084\n                   CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n                   CVE-2021-38185 CVE-2021-38593 CVE-2021-40528\n                   CVE-2021-41190 CVE-2021-41617 CVE-2021-42771\n                   CVE-2021-43527 CVE-2021-43818 CVE-2021-44225\n                   CVE-2021-44906 CVE-2022-0235 CVE-2022-0778\n                   CVE-2022-1012 CVE-2022-1215 CVE-2022-1271\n                   CVE-2022-1292 CVE-2022-1586 CVE-2022-1621\n                   CVE-2022-1629 CVE-2022-1706 CVE-2022-1729\n                   CVE-2022-2068 CVE-2022-2097 CVE-2022-21698\n                   CVE-2022-22576 CVE-2022-23772 CVE-2022-23773\n                   CVE-2022-23806 CVE-2022-24407 CVE-2022-24675\n                   CVE-2022-24903 CVE-2022-24921 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-26691 CVE-2022-26945\n                   CVE-2022-27191 CVE-2022-27774 CVE-2022-27776\n                   CVE-2022-27782 CVE-2022-28327 CVE-2022-28733\n                   CVE-2022-28734 CVE-2022-28735 CVE-2022-28736\n                   CVE-2022-28737 CVE-2022-29162 CVE-2022-29810\n                   CVE-2022-29824 CVE-2022-30321 CVE-2022-30322\n                   CVE-2022-30323 CVE-2022-32250\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.11. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.11.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n* sanitize-url: XSS (CVE-2021-23648)\n* minimist: prototype pollution (CVE-2021-44906)\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-x86_64\n\nThe image digest is\nsha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4\n\n(For aarch64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-aarch64\n\nThe image digest is\nsha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe\n\n(For s390x architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-s390x\n\nThe image digest is\nsha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46\n\n(For ppc64le architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le\n\nThe image digest is\nsha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1817075 - MCC \u0026 MCO don\u0027t free leader leases during shut down -\u003e 10 minutes of leader election timeouts\n1822752 - cluster-version operator stops applying manifests when blocked by a precondition check\n1823143 - oc adm release extract --command, --tools doesn\u0027t pull from localregistry when given a localregistry/image\n1858418 - [OCPonRHV] OpenShift installer fails when Blank template is missing in oVirt/RHV\n1859153 - [AWS] An IAM error occurred occasionally during the installation phase: Invalid IAM Instance Profile name\n1896181 - [ovirt] install fails: due to terraform error \"Cannot run VM. VM is being updated\" on vm resource\n1898265 - [OCP 4.5][AWS] Installation failed: error updating LB Target Group\n1902307 - [vSphere] cloud labels management via cloud provider makes nodes not ready\n1905850 - `oc adm policy who-can` failed to check the `operatorcondition/status` resource\n1916279 - [OCPonRHV] Sometimes terraform installation fails on -failed to fetch Cluster(another terraform bug)\n1917898 - [ovirt] install fails: due to terraform error \"Tag not matched: expect \u003cfault\u003e but got \u003chtml\u003e\" on vm resource\n1918005 - [vsphere] If there are multiple port groups with the same name installation fails\n1918417 - IPv6 errors after exiting crictl\n1918690 - Should update the KCM resource-graph timely with the latest configure\n1919980 - oVirt installer fails due to terraform error \"Failed to wait for Templte(...) to become ok\"\n1921182 - InspectFailed: kubelet Failed to inspect image: rpc error: code = DeadlineExceeded desc = context deadline exceeded\n1923536 - Image pullthrough does not pass 429 errors back to capable clients\n1926975 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n1928932 - deploy/route_crd.yaml in openshift/router uses deprecated v1beta1 CRD API\n1932812 - Installer uses the terraform-provider in the Installer\u0027s directory if it exists\n1934304 - MemoryPressure Top Pod Consumers seems to be 2x expected value\n1943937 - CatalogSource incorrect parsing validation\n1944264 - [ovn] CNO should gracefully terminate OVN databases\n1944851 - List of ingress routes not cleaned up when routers no longer exist - take 2\n1945329 - In k8s 1.21 bump conntrack \u0027should drop INVALID conntrack entries\u0027 tests are disabled\n1948556 - Cannot read property \u0027apiGroup\u0027 of undefined error viewing operator CSV\n1949827 - Kubelet bound to incorrect IPs, referring to incorrect NICs in 4.5.x\n1957012 - Deleting the KubeDescheduler CR does not remove the corresponding deployment or configmap\n1957668 - oc login does not show link to console\n1958198 - authentication operator takes too long to pick up a configuration change\n1958512 - No 1.25 shown in REMOVEDINRELEASE for apis audited with k8s.io/removed-release 1.25 and k8s.io/deprecated true\n1961233 - Add CI test coverage for DNS availability during upgrades\n1961844 - baremetal ClusterOperator installed by CVO does not have relatedObjects\n1965468 - [OSP] Delete volume snapshots based on cluster ID in their metadata\n1965934 - can not get new result with \"Refresh off\" if click \"Run queries\" again\n1965969 - [aws] the public hosted zone id is not correct in the destroy log, while destroying a cluster which is using BYO private hosted zone. \n1968253 - GCP CSI driver can provision volume with access mode ROX\n1969794 - [OSP] Document how to use image registry PVC backend with custom availability zones\n1975543 - [OLM] Remove stale cruft installed by CVO in earlier releases\n1976111 - [tracker] multipathd.socket is missing start conditions\n1976782 - Openshift registry starts to segfault after S3 storage configuration\n1977100 - Pod failed to start with message \"set CPU load balancing: readdirent /proc/sys/kernel/sched_domain/cpu66/domain0: no such file or directory\"\n1978303 - KAS pod logs show: [SHOULD NOT HAPPEN] ...failed to convert new object...CertificateSigningRequest) to smd typed: .status.conditions: duplicate entries for key [type=\\\"Approved\\\"]\n1978798 - [Network Operator] Upgrade: The configuration to enable network policy ACL logging is missing on the cluster upgraded from 4.7-\u003e4.8\n1979671 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n1982737 - OLM does not warn on invalid CSV\n1983056 - IP conflict while recreating Pod with fixed name\n1984785 - LSO CSV does not contain disconnected annotation\n1989610 - Unsupported data types should not be rendered on operand details page\n1990125 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n1990384 - 502 error on \"Observe -\u003e Alerting\" UI after disabled local alertmanager\n1992553 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1994117 - Some hardcodes are detected at the code level in orphaned code\n1994820 - machine controller doesn\u0027t send vCPU quota failed messages to cluster install logs\n1995953 - Ingresscontroller change the replicas to scaleup first time will be rolling update for all the ingress pods\n1996544 - AWS region ap-northeast-3 is missing in installer prompt\n1996638 - Helm operator manager container restart when CR is creating\u0026deleting\n1997120 - test_recreate_pod_in_namespace fails - Timed out waiting for namespace\n1997142 - OperatorHub: Filtering the OperatorHub catalog is extremely slow\n1997704 - [osp][octavia lb] given loadBalancerIP is ignored when creating a LoadBalancer type svc\n1999325 - FailedMount MountVolume.SetUp failed for volume \"kube-api-access\" : object \"openshift-kube-scheduler\"/\"kube-root-ca.crt\" not registered\n1999529 - Must gather fails to gather logs for all the namespace if server doesn\u0027t have volumesnapshotclasses resource\n1999891 - must-gather collects backup data even when Pods fails to be created\n2000653 - Add hypershift namespace to exclude namespaces list in descheduler configmap\n2002009 - IPI Baremetal, qemu-convert takes to long to save image into drive on slow/large disks\n2002602 - Storageclass creation page goes blank when \"Enable encryption\" is clicked if there is a syntax error in the configmap\n2002868 - Node exporter not able to scrape OVS metrics\n2005321 - Web Terminal is not opened on Stage of DevSandbox when terminal instance is not created yet\n2005694 - Removing proxy object takes up to 10 minutes for the changes to propagate to the MCO\n2006067 - Objects are not valid as a React child\n2006201 - ovirt-csi-driver-node pods are crashing intermittently\n2007246 - Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment\n2007340 - Accessibility issues on topology - list view\n2007611 - TLS issues with the internal registry and AWS S3 bucket\n2007647 - oc adm release info --changes-from does not show changes in repos that squash-merge\n2008486 - Double scroll bar shows up on dragging the task quick search to the bottom\n2009345 - Overview page does not load from openshift console for some set of users after upgrading to 4.7.19\n2009352 - Add image-registry usage metrics to telemeter\n2009845 - Respect overrides changes during installation\n2010361 - OpenShift Alerting Rules Style-Guide Compliance\n2010364 - OpenShift Alerting Rules Style-Guide Compliance\n2010393 - [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel]\n2011525 - Rate-limit incoming BFD to prevent ovn-controller DoS\n2011895 - Details about cloud errors are missing from PV/PVC errors\n2012111 - LSO still try to find localvolumeset which is already deleted\n2012969 - need to figure out why osupdatedstart to reboot is zero seconds\n2013144 - Developer catalog category links could not be open in a new tab (sharing and open a deep link works fine)\n2013461 - Import deployment from Git with s2i expose always port 8080 (Service and Pod template, not Route) if another Route port is selected by the user\n2013734 - unable to label downloads route in openshift-console namespace\n2013822 - ensure that the `container-tools` content comes from the RHAOS plashets\n2014161 - PipelineRun logs are delayed and stuck on a high log volume\n2014240 - Image registry uses ICSPs only when source exactly matches image\n2014420 - Topology page is crashed\n2014640 - Cannot change storage class of boot disk when cloning from template\n2015023 - Operator objects are re-created even after deleting it\n2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance\n2015356 - Different status shows on VM list page and details page\n2015375 - PVC creation for ODF/IBM Flashsystem shows incorrect types\n2015459 - [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff\n2015800 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2016425 - Adoption controller generating invalid metadata.Labels for an already adopted Subscription resource\n2016534 - externalIP does not work when egressIP is also present\n2017001 - Topology context menu for Serverless components always open downwards\n2018188 - VRRP ID conflict between keepalived-ipfailover and cluster VIPs\n2018517 - [sig-arch] events should not repeat pathologically expand_less failures -  s390x CI\n2019532 - Logger object in LSO does not log source location accurately\n2019564 - User settings resources (ConfigMap, Role, RB) should be deleted when a user is deleted\n2020483 - Parameter $__auto_interval_period is in Period drop-down list\n2020622 - e2e-aws-upi and e2e-azure-upi jobs are not working\n2021041 - [vsphere] Not found TagCategory when destroying ipi cluster\n2021446 - openshift-ingress-canary is not reporting DEGRADED state, even though the canary route is not available and accessible\n2022253 - Web terminal view is broken\n2022507 - Pods stuck in OutOfpods state after running cluster-density\n2022611 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment\n2022745 - Cluster reader is not able to list NodeNetwork* objects\n2023295 - Must-gather tool gathering data from custom namespaces. \n2023691 - ClusterIP internalTrafficPolicy does not work for ovn-kubernetes\n2024427 - oc completion zsh doesn\u0027t auto complete\n2024708 - The form for creating operational CRs is badly rendering filed names (\"obsoleteCPUs\" -\u003e \"Obsolete CP Us\" )\n2024821 - [Azure-File-CSI] need more clear info when requesting pvc with volumeMode Block\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2025624 - Ingress router metrics endpoint serving old certificates after certificate rotation\n2026356 - [IPI on Azure] The bootstrap machine type should be same as master\n2026461 - Completed pods in Openshift cluster not releasing IP addresses and results in err: range is full unless manually deleted\n2027603 - [UI] Dropdown doesn\u0027t close on it\u0027s own after arbiter zone selection on \u0027Capacity and nodes\u0027 page\n2027613 - Users can\u0027t silence alerts from the dev console\n2028493 - OVN-migration failed - ovnkube-node: error waiting for node readiness: timed out waiting for the condition\n2028532 - noobaa-pg-db-0 pod stuck in Init:0/2\n2028821 - Misspelled label in ODF management UI - MCG performance view\n2029438 - Bootstrap node cannot resolve api-int because NetworkManager replaces resolv.conf\n2029470 - Recover from suddenly appearing old operand revision WAS: kube-scheduler-operator test failure: Node\u0027s not achieving new revision\n2029797 - Uncaught exception: ResizeObserver loop limit exceeded\n2029835 - CSI migration for vSphere: Inline-volume tests failing\n2030034 - prometheusrules.openshift.io: dial tcp: lookup prometheus-operator.openshift-monitoring.svc on 172.30.0.10:53: no such host\n2030530 - VM created via customize wizard has single quotation marks surrounding its password\n2030733 - wrong IP selected to connect to the nodes when ExternalCloudProvider enabled\n2030776 - e2e-operator always uses quay master images during presubmit tests\n2032559 - CNO allows migration to dual-stack in unsupported configurations\n2032717 - Unable to download ignition after coreos-installer install --copy-network\n2032924 - PVs are not being cleaned up after PVC deletion\n2033482 - [vsphere] two variables in tf are undeclared and get warning message during installation\n2033575 - monitoring targets are down after the cluster run for more than 1 day\n2033711 - IBM VPC operator needs e2e csi tests for ibmcloud\n2033862 - MachineSet is not scaling up due to an OpenStack error trying to create multiple ports with the same MAC address\n2034147 - OpenShift VMware IPI Installation fails with Resource customization when corespersocket is unset and vCPU count is not a multiple of 4\n2034296 - Kubelet and Crio fails to start during upgrde to 4.7.37\n2034411 - [Egress Router] No NAT rules for ipv6 source and destination created in ip6tables-save\n2034688 - Allow Prometheus/Thanos to return 401 or 403 when the request isn\u0027t authenticated\n2034958 - [sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready\n2035005 - MCD is not always removing in progress taint after a successful update\n2035334 - [RFE] [OCPonRHV] Provision machines with preallocated disks\n2035899 - Operator-sdk run bundle doesn\u0027t support arm64 env\n2036202 - Bump podman to \u003e= 3.3.0 so that  setup of multiple credentials for a single registry which can be distinguished by their path  will work\n2036594 - [MAPO] Machine goes to failed state due to a momentary error of the cluster etcd\n2036948 - SR-IOV Network Device Plugin should handle offloaded VF instead of supporting only PF\n2037190 - dns operator status flaps between True/False/False and True/True/(False|True) after updating dnses.operator.openshift.io/default\n2037447 - Ingress Operator is not closing TCP connections. \n2037513 - I/O metrics from the Kubernetes/Compute Resources/Cluster Dashboard show as no datapoints found\n2037542 - Pipeline Builder footer is not sticky and yaml tab doesn\u0027t use full height\n2037610 - typo for the Terminated message from thanos-querier pod description info\n2037620 - Upgrade playbook should quit directly when trying to upgrade RHEL-7 workers to 4.10\n2037625 - AppliedClusterResourceQuotas can not be shown on project overview\n2037626 - unable to fetch ignition file when scaleup rhel worker nodes on cluster enabled Tang disk encryption\n2037628 - Add test id to kms flows for automation\n2037721 - PodDisruptionBudgetAtLimit alert fired in SNO cluster\n2037762 - Wrong ServiceMonitor definition is causing failure during Prometheus configuration reload and preventing changes from being applied\n2037841 - [RFE] use /dev/ptp_hyperv on Azure/AzureStack\n2038115 - Namespace and application bar is not sticky anymore\n2038244 - Import from git ignore the given servername and could not validate On-Premises GitHub and BitBucket installations\n2038405 - openshift-e2e-aws-workers-rhel-workflow in CI step registry broken\n2038774 - IBM-Cloud OVN IPsec fails, IKE UDP ports and  ESP protocol not in security group\n2039135 - the error message is not clear when using \"opm index prune\" to prune a file-based index image\n2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected\n2039253 - ovnkube-node crashes on duplicate endpoints\n2039256 - Domain validation fails when TLD contains a digit. \n2039277 - Topology list view items are not highlighted on keyboard navigation\n2039462 - Application tab in User Preferences dropdown menus are too wide. \n2039477 - validation icon is missing from Import from git\n2039589 - The toolbox command always ignores [command] the first time\n2039647 - Some developer perspective links are not deep-linked causes developer to sometimes delete/modify resources in the wrong project\n2040180 - Bug when adding a new table panel to a dashboard for OCP UI with only one value column\n2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names\n2040277 - ThanosRuleNoEvaluationFor10Intervals alert description is wrong\n2040488 - OpenShift-Ansible BYOH Unit Tests are Broken\n2040635 - CPU Utilisation is negative number for \"Kubernetes / Compute Resources / Cluster\" dashboard\n2040654 - \u0027oc adm must-gather -- some_script\u0027 should exit with same non-zero code as the failed \u0027some_script\u0027 exits\n2040779 - Nodeport svc not accessible when the backend pod is on a window node\n2040933 - OCP 4.10 nightly build will fail to install if multiple NICs are defined on KVM nodes\n2041133 - \u0027oc explain route.status.ingress.conditions\u0027 shows type \u0027Currently only Ready\u0027 but actually is \u0027Admitted\u0027\n2041454 - Garbage values accepted for `--reference-policy` in `oc import-image` without any error\n2041616 - Ingress operator tries to manage DNS of additional ingresscontrollers that are not under clusters basedomain, which can\u0027t work\n2041769 - Pipeline Metrics page not showing data for normal user\n2041774 - Failing git detection should not recommend Devfiles as import strategy\n2041814 - The KubeletConfigController wrongly process multiple confs for a pool\n2041940 - Namespace pre-population not happening till a Pod is created\n2042027 - Incorrect feedback for \"oc label pods --all\"\n2042348 - Volume ID is missing in output message when expanding volume which is not mounted. \n2042446 - CSIWithOldVSphereHWVersion alert recurring despite upgrade to vmx-15\n2042501 - use lease for leader election\n2042587 - ocm-operator: Improve reconciliation of CA ConfigMaps\n2042652 - Unable to deploy hw-event-proxy operator\n2042838 - The status of container is not consistent on Container details and pod details page\n2042852 - Topology toolbars are unaligned to other toolbars\n2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP\n2043035 - Wrong error code provided when request contains invalid argument\n2043068 - \u003cx\u003e available of \u003cy\u003e text disappears in Utilization item if x is 0\n2043080 - openshift-installer intermittent failure on AWS with Error: InvalidVpcID.NotFound: The vpc ID \u0027vpc-123456789\u0027 does not exist\n2043094 - ovnkube-node not deleting stale conntrack entries when endpoints go away\n2043118 - Host should transition through Preparing when HostFirmwareSettings changed\n2043132 - Add a metric when vsphere csi storageclass creation fails\n2043314 - `oc debug node` does not meet compliance requirement\n2043336 - Creating multi SriovNetworkNodePolicy cause the worker always be draining\n2043428 - Address Alibaba CSI driver operator review comments\n2043533 - Update ironic, inspector, and ironic-python-agent to latest bugfix release\n2043672 - [MAPO] root volumes not working\n2044140 - When \u0027oc adm upgrade --to-image ...\u0027 rejects an update as not recommended, it should mention --allow-explicit-upgrade\n2044207 - [KMS] The data in the text box does not get cleared on switching the authentication method\n2044227 - Test Managed cluster should only include cluster daemonsets that have maxUnavailable update of 10 or 33 percent fails\n2044412 - Topology list misses separator lines and hover effect let the list jump 1px\n2044421 - Topology list does not allow selecting an application group anymore\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2044803 - Unify button text style on VM tabs\n2044824 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2045065 - Scheduled pod has nodeName changed\n2045073 - Bump golang and build images for local-storage-operator\n2045087 - Failed to apply sriov policy on intel nics\n2045551 - Remove enabled FeatureGates from TechPreviewNoUpgrade\n2045559 - API_VIP moved when kube-api container on another master node was stopped\n2045577 - [ocp 4.9 | ovn-kubernetes] ovsdb_idl|WARN|transaction error: {\"details\":\"cannot delete Datapath_Binding row 29e48972-xxxx because of 2 remaining reference(s)\",\"error\":\"referential integrity violation\n2045872 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2046133 - [MAPO]IPI proxy installation failed\n2046156 - Network policy: preview of affected pods for non-admin shows empty popup\n2046157 - Still uses pod-security.admission.config.k8s.io/v1alpha1 in admission plugin config\n2046191 - Opeartor pod is missing correct qosClass and priorityClass\n2046277 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the module.vpc.aws_subnet.private_subnet[0] resource\n2046319 - oc debug cronjob command failed with error \"unable to extract pod template from type *v1.CronJob\". \n2046435 - Better Devfile Import Strategy support in the \u0027Import from Git\u0027 flow\n2046496 - Awkward wrapping of project toolbar on mobile\n2046497 - Re-enable TestMetricsEndpoint test case in console operator e2e tests\n2046498 - \"All Projects\" and \"all applications\" use different casing on topology page\n2046591 - Auto-update boot source is not available while create new template from it\n2046594 - \"Requested template could not be found\" while creating VM from user-created template\n2046598 - Auto-update boot source size unit is byte on customize wizard\n2046601 - Cannot create VM from template\n2046618 - Start last run action should contain current user name in the started-by annotation of the PLR\n2046662 - Should upgrade the go version to be 1.17 for example go operator memcached-operator\n2047197 - Sould upgrade the operator_sdk.util version to \"0.4.0\" for the \"osdk_metric\" module\n2047257 - [CP MIGRATION] Node drain failure during control plane node migration\n2047277 - Storage status is missing from status card of virtualization overview\n2047308 - Remove metrics and events for master port offsets\n2047310 - Running VMs per template card needs empty state when no VMs exist\n2047320 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2047335 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047362 - Removing prometheus UI access breaks origin test\n2047445 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message. \n2047702 - Issue described on bug #2013528 reproduced: mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2047710 - [OVN] ovn-dbchecker CrashLoopBackOff and sbdb jsonrpc unix socket receive error\n2047732 - [IBM]Volume is not deleted after destroy cluster\n2047741 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the module.masters.aws_network_interface.master[1] resource\n2047790 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2047799 - release-openshift-ocp-installer-e2e-aws-upi-4.9\n2047870 - Prevent redundant queries of BIOS settings in HostFirmwareController\n2047895 - Fix architecture naming in oc adm release mirror for aarch64\n2047911 - e2e: Mock CSI tests fail on IBM ROKS clusters\n2047913 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2047925 - [FJ OCP4.10 Bug]: IRONIC_KERNEL_PARAMS does not contain coreos_kernel_params during iPXE boot\n2047935 - [4.11] Bootimage bump tracker\n2047998 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048059 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2048067 - [IPI on Alibabacloud] \"Platform Provisioning Check\" tells \u0027\"ap-southeast-6\": enhanced NAT gateway is not supported\u0027, which seems false\n2048186 - Image registry operator panics when finalizes config deletion\n2048214 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2048219 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2048221 - Capitalization of titles in the VM details page is inconsistent. \n2048222 - [AWS GovCloud] Cluster can not be installed on AWS GovCloud regions via terminal interactive UI. \n2048276 - Cypress E2E tests fail due to a typo in test-cypress.sh\n2048333 - prometheus-adapter becomes inaccessible during rollout\n2048352 - [OVN] node does not recover after NetworkManager restart, NotReady and unreachable\n2048442 - [KMS] UI does not have option to specify kube auth path and namespace for cluster wide encryption\n2048451 - Custom serviceEndpoints in install-config are reported to be unreachable when environment uses a proxy\n2048538 - Network policies are not implemented or updated by OVN-Kubernetes\n2048541 - incorrect rbac check for install operator quick starts\n2048563 - Leader election conventions for cluster topology\n2048575 - IP reconciler cron job failing on single node\n2048686 - Check MAC address provided on the install-config.yaml file\n2048687 - All bare metal jobs are failing now due to End of Life of centos 8\n2048793 - Many Conformance tests are failing in OCP 4.10 with Kuryr\n2048803 - CRI-O seccomp profile out of date\n2048824 - [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2048841 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added\n2048955 - Alibaba Disk CSI Driver does not have CI\n2049073 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2049078 - Bond CNI: Failed to  attach Bond NAD to pod\n2049108 - openshift-installer intermittent failure on AWS with \u0027Error: Error waiting for NAT Gateway (nat-xxxxx) to become available\u0027\n2049117 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2049133 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2049142 - Missing \"app\" label\n2049169 - oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured\n2049234 - ImagePull fails with error  \"unable to pull manifest from example.com/busy.box:v5  invalid reference format\"\n2049410 - external-dns-operator creates provider section, even when not requested\n2049483 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2049613 - MTU migration on SDN IPv4 causes API alerts\n2049671 - system:serviceaccount:openshift-cluster-csi-drivers:aws-ebs-csi-driver-operator trying to GET and DELETE /api/v1/namespaces/openshift-cluster-csi-drivers/configmaps/kube-cloud-config which does not exist\n2049687 - superfluous apirequestcount entries in audit log\n2049775 - cloud-provider-config change not applied when ExternalCloudProvider enabled\n2049787 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2049832 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2049872 - cluster storage operator AWS credentialsrequest lacks KMS privileges\n2049889 - oc new-app --search nodejs warns about access to sample content on quay.io\n2050005 - Plugin module IDs can clash with console module IDs causing runtime errors\n2050011 - Observe \u003e Metrics page: Timespan text input and dropdown do not align\n2050120 - Missing metrics in kube-state-metrics\n2050146 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050173 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050180 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050300 - panic in cluster-storage-operator while updating status\n2050332 - Malformed ClusterClaim lifetimes cause the clusterclaims-controller to silently fail to reconcile all clusterclaims\n2050335 - azure-disk failed to mount with error special device does not exist\n2050345 - alert data for burn budget needs to be updated to prevent regression\n2050407 - revert \"force cert rotation every couple days for development\" in 4.11\n2050409 - ip-reconcile job is failing consistently\n2050452 - Update osType and hardware version used by RHCOS OVA to indicate it is a RHEL 8 guest\n2050466 - machine config update with invalid container runtime config should be more robust\n2050637 - Blog Link not re-directing to the intented website in the last modal in the Dev Console Onboarding Tour\n2050698 - After upgrading the cluster the console still show 0 of N, 0% progress for worker nodes\n2050707 - up test for prometheus pod look to far in the past\n2050767 - Vsphere upi tries to access vsphere during manifests generation phase\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2050882 - Crio appears to be coredumping in some scenarios\n2050902 - not all resources created during import have common labels\n2050946 - Cluster-version operator fails to notice TechPreviewNoUpgrade featureSet change after initialization-lookup error\n2051320 - Need to build ose-aws-efs-csi-driver-operator-bundle-container image for 4.11\n2051333 - [aws] records in public hosted zone and BYO private hosted zone were not deleted. \n2051377 - Unable to switch vfio-pci to netdevice in policy\n2051378 - Template wizard is crashed when there are no templates existing\n2051423 - migrate loadbalancers from amphora to ovn not working\n2051457 - [RFE] PDB for cloud-controller-manager to avoid going too many replicas down\n2051470 - prometheus: Add validations for relabel configs\n2051558 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2051578 - Sort is broken for the Status and Version columns on the Cluster Settings \u003e ClusterOperators page\n2051583 - sriov must-gather image doesn\u0027t work\n2051593 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2051611 - Remove Check which enforces summary_interval must match logSyncInterval\n2051642 - Remove \"Tech-Preview\" Label for the Web Terminal GA release\n2051657 - Remove \u0027Tech preview\u0027 from minnimal deployment Storage System creation\n2051718 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s\n2051722 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2051881 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2051954 - Allow changing of policyAuditConfig ratelimit post-deployment\n2051969 - Need to build local-storage-operator-metadata-container image for 4.11\n2051985 - An APIRequestCount without dots in the name can cause a panic\n2052016 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052034 - Can\u0027t start correct debug pod using pod definition yaml in OCP 4.8\n2052055 - Whereabouts should implement client-go 1.22+\n2052056 - Static pod installer should throttle creating new revisions\n2052071 - local storage operator metrics target down after upgrade\n2052095 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052270 - FSyncControllerDegraded has \"treshold\" -\u003e \"threshold\" typos\n2052309 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052332 - Probe failures and pod restarts during 4.7 to 4.8 upgrade\n2052393 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052398 - 4.9 to 4.10 upgrade fails for ovnkube-masters\n2052415 - Pod density test causing problems when using kube-burner\n2052513 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052578 - Create new app from a private git repository using \u0027oc new app\u0027 with basic auth does not work. \n2052595 - Remove dev preview badge from IBM FlashSystem deployment windows\n2052618 - Node reboot causes duplicate persistent volumes\n2052671 - Add Sprint 214 translations\n2052674 - Remove extra spaces\n2052700 - kube-controller-manger should use configmap lease\n2052701 - kube-scheduler should use configmap lease\n2052814 - go fmt fails in OSM after migration to go 1.17\n2052840 - IMAGE_BUILDER=docker make test-e2e-operator-ocp runs with podman instead of docker\n2052953 - Observe dashboard always opens for last viewed workload instead of the selected one\n2052956 - Installing virtualization operator duplicates the first action on workloads in topology\n2052975 - High cpu load on Juniper Qfx5120 Network switches after upgrade to Openshift 4.8.26\n2052986 - Console crashes when Mid cycle hook in Recreate strategy(edit deployment/deploymentConfig) selects Lifecycle strategy as \"Tags the current image as an image stream tag if the deployment succeeds\"\n2053006 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2053104 - [vSphere CSI driver Operator] hw_version_total metric update wrong value after upgrade nodes hardware version from `vmx-13` to  `vmx-15`\n2053112 - nncp status is unknown when nnce is Progressing\n2053118 - nncp Available condition reason should be exposed in `oc get`\n2053168 - Ensure the core dynamic plugin SDK package has correct types and code\n2053205 - ci-openshift-cluster-network-operator-master-e2e-agnostic-upgrade is failing most of the time\n2053304 - Debug terminal no longer works in admin console\n2053312 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053334 - rhel worker scaleup playbook failed because missing some dependency of podman\n2053343 - Cluster Autoscaler not scaling down nodes which seem to qualify for scale-down\n2053491 - nmstate interprets interface names as float64 and subsequently crashes on state update\n2053501 - Git import detection does not happen for private repositories\n2053582 - inability to detect static lifecycle failure\n2053596 - [IBM Cloud] Storage IOPS limitations and lack of IPI ETCD deployment options trigger leader election during cluster initialization\n2053609 - LoadBalancer SCTP service leaves stale conntrack entry that causes issues if service is recreated\n2053622 - PDB warning alert when CR replica count is set to zero\n2053685 - Topology performance: Immutable .toJSON consumes a lot of CPU time when rendering a large topology graph (~100 nodes)\n2053721 - When using RootDeviceHint rotational setting the host can fail to provision\n2053922 - [OCP 4.8][OVN] pod interface: error while waiting on OVS.Interface.external-ids\n2054095 - [release-4.11] Gather images.conifg.openshift.io cluster resource definiition\n2054197 - The ProjectHelmChartRepositrory schema has merged but has not been initialized in the cluster yet\n2054200 - Custom created services in openshift-ingress removed even though the services are not of type LoadBalancer\n2054238 - console-master-e2e-gcp-console is broken\n2054254 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2054285 - Services other than knative service also shows as KSVC in add subscription/trigger modal\n2054319 - must-gather | gather_metallb_logs can\u0027t detect metallb pod\n2054351 - Rrestart of ptp4l/phc2sys  on change of PTPConfig  generates more than one times, socket error in event frame work\n2054385 - redhat-operatori ndex image build failed with AMQ brew build - amq-interconnect-operator-metadata-container-1.10.13\n2054564 - DPU network operator 4.10 branch need to sync with master\n2054630 - cancel create silence from kebab menu of alerts page will navigated to the previous page\n2054693 - Error deploying HorizontalPodAutoscaler with oc new-app command in OpenShift 4\n2054701 - [MAPO] Events are not created for MAPO machines\n2054705 - [tracker] nf_reinject calls nf_queue_entry_free on an already freed entry-\u003estate\n2054735 - Bad link in CNV console\n2054770 - IPI baremetal deployment metal3 pod crashes when using capital letters in hosts bootMACAddress\n2054787 - SRO controller goes to CrashLoopBackOff status when the pull-secret does not have the correct permissions\n2054950 - A large number is showing on disk size field\n2055305 - Thanos Querier high CPU and memory usage till OOM\n2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition\n2055433 - Unable to create br-ex as gateway is not found\n2055470 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2055492 - The default YAML on vm wizard is not latest\n2055601 - installer did not destroy *.app dns recored in a IPI on ASH install\n2055702 - Enable Serverless tests in CI\n2055723 - CCM operator doesn\u0027t deploy resources after enabling TechPreviewNoUpgrade feature set. \n2055729 - NodePerfCheck fires and stays active on momentary high latency\n2055814 - Custom dynamic exntension point causes runtime and compile time error\n2055861 - cronjob collect-profiles failed leads node reach to OutOfpods status\n2055980 - [dynamic SDK][internal] console plugin SDK does not support table actions\n2056454 - Implement preallocated disks for oVirt in the cluster API provider\n2056460 - Implement preallocated disks for oVirt in the OCP installer\n2056496 - If image does not exists for builder image then upload jar form crashes\n2056519 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies\n2056607 - Running kubernetes-nmstate handler e2e tests stuck on OVN clusters\n2056752 - Better to named the oc-mirror version info with more information like the `oc version --client`\n2056802 - \"enforcedLabelLimit|enforcedLabelNameLengthLimit|enforcedLabelValueLengthLimit\" do not take effect\n2056841 - [UI] [DR] Web console update is available pop-up is seen multiple times on Hub cluster where ODF operator is not installed and unnecessarily it pop-up on the Managed cluster as well where ODF operator is installed\n2056893 - incorrect warning for --to-image in oc adm upgrade help\n2056967 - MetalLB: speaker metrics is not updated when deleting a service\n2057025 - Resource requests for the init-config-reloader container of prometheus-k8s-* pods are too high\n2057054 - SDK: k8s methods resolves into Response instead of the Resource\n2057079 - [cluster-csi-snapshot-controller-operator] CI failure: events should not repeat pathologically\n2057101 - oc commands working with images print an incorrect and inappropriate warning\n2057160 - configure-ovs selects wrong interface on reboot\n2057183 - OperatorHub: Missing \"valid subscriptions\" filter\n2057251 - response code for Pod count graph changed from 422 to 200 periodically for about 30 minutes if pod is rescheduled\n2057358 - [Secondary Scheduler] - cannot build bundle index image using the secondary scheduler operator bundle\n2057387 - [Secondary Scheduler] - olm.skiprange, com.redhat.openshift.versions is incorrect and no minkubeversion\n2057403 - CMO logs show forbidden: User \"system:serviceaccount:openshift-monitoring:cluster-monitoring-operator\" cannot get resource \"replicasets\" in API group \"apps\" in the namespace \"openshift-monitoring\"\n2057495 - Alibaba Disk CSI driver does not provision small PVCs\n2057558 - Marketplace operator polls too frequently for cluster operator status changes\n2057633 - oc rsync reports misleading error when container is not found\n2057642 - ClusterOperator status.conditions[].reason \"etcd disk metrics exceeded...\" should be a CamelCase slug\n2057644 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members\n2057696 - Removing console still blocks OCP install from completing\n2057762 - ingress operator should report Upgradeable False to remind user before upgrade to 4.10 when Non-SAN certs are used\n2057832 - expr for record rule: \"cluster:telemetry_selected_series:count\" is improper\n2057967 - KubeJobCompletion does not account for possible job states\n2057990 - Add extra debug information to image signature workflow test\n2057994 - SRIOV-CNI failed to load netconf: LoadConf(): failed to get VF information\n2058030 - On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain\n2058217 - [vsphere-problem-detector-operator] \u0027vsphere_rwx_volumes_total\u0027 metric name make confused\n2058225 - openshift_csi_share_* metrics are not found from telemeter server\n2058282 - Websockets stop updating during cluster upgrades\n2058291 - CI builds should have correct version of Kube without needing to push tags everytime\n2058368 - Openshift OVN-K got restarted mutilple times with the error  \" ovsdb-server/memory-trim-on-compaction on\u0027\u0027 failed: exit status 1   and \" ovndbchecker.go:118] unable to turn on memory       trimming for SB DB, stderr \"  , cluster  unavailable\n2058370 - e2e-aws-driver-toolkit CI job is failing\n2058421 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2058424 - ConsolePlugin proxy always passes Authorization header even if `authorize` property is omitted or false\n2058623 - Bootstrap server dropdown menu in Create Event Source- KafkaSource form is empty even if it\u0027s created\n2058626 - Multiple Azure upstream kube fsgroupchangepolicy tests are permafailing expecting gid \"1000\" but geting \"root\"\n2058671 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage \u0026 proper backoff\n2058692 - [Secondary Scheduler] Creating secondaryscheduler instance fails with error \"key failed with : secondaryschedulers.operator.openshift.io \"secondary-scheduler\" not found\"\n2059187 - [Secondary Scheduler] -  key failed with : serviceaccounts \"secondary-scheduler\" is forbidden\n2059212 - [tracker] Backport https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa\n2059213 - ART cannot build installer images due to missing terraform binaries for some architectures\n2059338 - A fully upgraded 4.10 cluster defaults to HW-13 hardware version even if HW-15 is default (and supported)\n2059490 - The operator image in CSV file of the ART DPU network operator bundle is incorrect\n2059567 - vMedia based IPI installation of OpenShift fails on Nokia servers due to issues with virtual media attachment and boot source override\n2059586 - (release-4.11) Insights operator doesn\u0027t reconcile clusteroperator status condition messages\n2059654 - Dynamic demo plugin proxy example out of date\n2059674 - Demo plugin fails to build\n2059716 - cloud-controller-manager flaps operator version during 4.9 -\u003e 4.10 update\n2059791 - [vSphere CSI driver Operator] didn\u0027t update \u0027vsphere_csi_driver_error\u0027 metric value when fixed the error manually\n2059840 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager\n2059943 - MetalLB: Move CI config files to metallb repo from dev-scripts repo\n2060037 - Configure logging level of FRR containers\n2060083 - CMO doesn\u0027t react to changes in clusteroperator console\n2060091 - CMO produces invalid alertmanager statefulset if console cluster .status.consoleURL is unset\n2060133 - [OVN RHEL upgrade] could not find IP addresses: failed to lookup link br-ex: Link not found\n2060147 - RHEL8 Workers Need to Ensure libseccomp is up to date at install time\n2060159 - LGW: External-\u003eService of type ETP=Cluster doesn\u0027t go to the node\n2060329 - Detect unsupported amount of workloads before rendering a lazy or crashing topology\n2060334 - Azure VNET lookup fails when the NIC subnet is in a different resource group\n2060361 - Unable to enumerate NICs due to missing the \u0027primary\u0027 field due to security restrictions\n2060406 - Test \u0027operators should not create watch channels very often\u0027 fails\n2060492 - Update PtpConfigSlave source-crs to use network_transport L2 instead of UDPv4\n2060509 - Incorrect installation of ibmcloud vpc csi driver in IBM Cloud ROKS 4.10\n2060532 - LSO e2e tests are run against default image and namespace\n2060534 - openshift-apiserver pod in crashloop due to unable to reach kubernetes svc ip\n2060549 - ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache!\n2060553 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n2060583 - Remove Console internal-kubevirt plugin SDK package\n2060605 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060617 - IBMCloud destroy DNS regex not strict enough\n2060687 - Azure Ci:  SubscriptionDoesNotSupportZone  - does not support availability zones at location \u0027westus\u0027\n2060697 - [AWS] partitionNumber cannot work for specifying Partition number\n2060714 - [DOCS] Change source_labels to sourceLabels in \"Configuring remote write storage\" section\n2060837 - [oc-mirror] Catalog merging error when two or more bundles does not have a set Replace field\n2060894 - Preceding/Trailing Whitespaces In Form Elements on the add page\n2060924 - Console white-screens while using debug terminal\n2060968 - Installation failing due to ironic-agent.service not starting properly\n2060970 - Bump recommended FCOS to 35.20220213.3.0\n2061002 - Conntrack entry is not removed for LoadBalancer IP\n2061301 - Traffic Splitting Dialog is Confusing With Only One Revision\n2061303 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum\n2061304 - workload info gatherer - don\u0027t serialize empty images map\n2061333 - White screen for Pipeline builder page\n2061447 - [GSS] local pv\u0027s are in terminating state\n2061496 - etcd RecentBackup=Unknown ControllerStarted contains no message string\n2061527 - [IBMCloud] infrastructure asset missing CloudProviderType\n2061544 - AzureStack is hard-coded to use Standard_LRS for the disk type\n2061549 - AzureStack install with internal publishing does not create api DNS record\n2061611 - [upstream] The marker of KubeBuilder doesn\u0027t work if it is close to the code\n2061732 - Cinder CSI crashes when API is not available\n2061755 - Missing breadcrumb on the resource creation page\n2061833 - A single worker can be assigned to multiple baremetal hosts\n2061891 - [IPI on IBMCLOUD]  missing ?br-sao? region in openshift installer\n2061916 - mixed ingress and egress policies can result in half-isolated pods\n2061918 - Topology Sidepanel style is broken\n2061919 - Egress Ip entry stays on node\u0027s primary NIC post deletion from hostsubnet\n2062007 - MCC bootstrap command lacks template flag\n2062126 - IPfailover pod is crashing during creation showing keepalived_script doesn\u0027t exist\n2062151 - Add RBAC for \u0027infrastructures\u0027 to operator bundle\n2062355 - kubernetes-nmstate resources and logs not included in must-gathers\n2062459 - Ingress pods scheduled on the same node\n2062524 - [Kamelet Sink] Topology crashes on click of Event sink node if the resource is created source to Uri over ref\n2062558 - Egress IP with openshift sdn in not functional on worker node. \n2062568 - CVO does not trigger new upgrade again after fail to update to unavailable payload\n2062645 - configure-ovs: don\u0027t restart networking if not necessary\n2062713 - Special Resource Operator(SRO) - No sro_used_nodes metric\n2062849 - hw event proxy is not binding on ipv6 local address\n2062920 - Project selector is too tall with only a few projects\n2062998 - AWS GovCloud regions are recognized as the unknown regions\n2063047 - Configuring a full-path query log file in CMO breaks Prometheus with the latest version of the operator\n2063115 - ose-aws-efs-csi-driver has invalid dependency in go.mod\n2063164 - metal-ipi-ovn-ipv6 Job Permafailing and Blocking OpenShift 4.11 Payloads: insights operator is not available\n2063183 - DefragDialTimeout is set to low for large scale OpenShift Container Platform - Cluster\n2063194 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster\n2063321 - [OVN]After reboot egress node,  lr-policy-list was not correct, some duplicate records or missed internal IPs\n2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments\n2063375 - ptp operator upgrade from 4.9 to 4.10 stuck at pending due to service account requirements not met\n2063414 - on OKD 4.10, when image-registry is enabled, the /etc/hosts entry is missing on some nodes\n2063699 - Builds - Builds - Logs: i18n misses. \n2063708 - Builds - Builds - Logs: translation correction needed. \n2063720 - Metallb EBGP neighbor stuck in active until adding ebgp-multihop (directly connected neighbors)\n2063732 - Workloads - StatefulSets : I18n misses\n2063747 - When building a bundle, the push command fails because is passes a redundant \"IMG=\" on the the CLI\n2063753 - User Preferences - Language - Language selection : Page refresh rquired to change the UI into selected Language. \n2063756 - User Preferences - Applications - Insecure traffic : i18n misses\n2063795 - Remove go-ovirt-client go.mod replace directive\n2063829 - During an IPI install with the 4.10.4 installer on vSphere, getting \"Check\": platform.vsphere.network: Invalid value: \"VLAN_3912\": unable to find network provided\"\n2063831 - etcd quorum pods landing on same node\n2063897 - Community tasks not shown in pipeline builder page\n2063905 - PrometheusOperatorWatchErrors alert may fire shortly in case of transient errors from the API server\n2063938 - sing the hard coded rest-mapper in library-go\n2063955 - cannot download operator catalogs due to missing images\n2063957 - User Management - Users : While Impersonating user, UI is not switching into user\u0027s set language\n2064024 - SNO OCP upgrade with DU workload stuck at waiting for kube-apiserver static pod\n2064170 - [Azure] Missing punctuation in the  installconfig.controlPlane.platform.azure.osDisk explain\n2064239 - Virtualization Overview page turns into blank page\n2064256 - The Knative traffic distribution doesn\u0027t update percentage in sidebar\n2064553 - UI should prefer to use the virtio-win configmap than v2v-vmware configmap for windows creation\n2064596 - Fix the hubUrl docs link in pipeline quicksearch modal\n2064607 - Pipeline builder makes too many (100+) API calls upfront\n2064613 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator\n2064693 - [IPI][OSP] Openshift-install fails to find the shiftstack cloud defined in clouds.yaml in the current directory\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064705 - the alertmanagerconfig validation catches the wrong value for invalid field\n2064744 - Errors trying to use the Debug Container feature\n2064984 - Update error message for label limits\n2065076 - Access monitoring Routes based on monitoring-shared-config creates wrong URL\n2065160 - Possible leak of load balancer targets on AWS Machine API Provider\n2065224 - Configuration for cloudFront in image-registry operator configuration is ignored \u0026 duration is corrupted\n2065290 - CVE-2021-23648 sanitize-url: XSS\n2065338 - VolumeSnapshot creation date sorting is broken\n2065507 - `oc adm upgrade` should return ReleaseAccepted condition to show upgrade status. \n2065510 - [AWS] failed to create cluster on ap-southeast-3\n2065513 - Dev Perspective -\u003e Project Dashboard shows Resource Quotas which are a bit misleading, and too many decimal places\n2065547 - (release-4.11) Gather kube-controller-manager pod logs with garbage collector errors\n2065552 - [AWS] Failed to install cluster on AWS ap-southeast-3 region due to image-registry panic error\n2065577 - user with user-workload-monitoring-config-edit role can not create user-workload-monitoring-config configmap\n2065597 - Cinder CSI is not configurable\n2065682 - Remote write relabel config adds label __tmp_openshift_cluster_id__ to all metrics\n2065689 - Internal Image registry with GCS backend does not redirect client\n2065749 - Kubelet slowly leaking memory and pods eventually unable to start\n2065785 - ip-reconciler job does not complete, halts node drain\n2065804 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204\n2065806 - stop considering Mint mode as supported on Azure\n2065840 - the cronjob object is created  with a  wrong api version batch/v1beta1 when created  via the openshift console\n2065893 - [4.11] Bootimage bump tracker\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2066232 - e2e-aws-workers-rhel8 is failing on ansible check\n2066418 - [4.11] Update channels information link is taking to a 404 error page\n2066444 - The \"ingress\" clusteroperator\u0027s relatedObjects field has kind names instead of resource names\n2066457 - Prometheus CI failure: 503 Service Unavailable\n2066463 - [IBMCloud] failed to list DNS zones: Exactly one of ApiKey or RefreshToken must be specified\n2066605 - coredns template block matches cluster API to loose\n2066615 - Downstream OSDK still use upstream image for Hybird type operator\n2066619 - The GitCommit of the `oc-mirror version` is not correct\n2066665 - [ibm-vpc-block] Unable to change default storage class\n2066700 - [node-tuning-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2066754 - Cypress reports for core tests are not captured\n2066782 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2066865 - Flaky test: In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (delayed binding)] topology should provision a volume and schedule a pod with AllowedTopologies\n2066886 - openshift-apiserver pods never going NotReady\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066923 - No rule to make target \u0027docker-push\u0027 when building the SRO bundle\n2066945 - SRO appends \"arm64\" instead of \"aarch64\" to the kernel name and it doesn\u0027t match the DTK\n2067004 - CMO contains grafana image though grafana is removed\n2067005 - Prometheus rule contains grafana though grafana is removed\n2067062 - should update prometheus-operator resources version\n2067064 - RoleBinding in Developer Console is dropping all subjects when editing\n2067155 - Incorrect operator display name shown in pipelines quickstart in devconsole\n2067180 - Missing i18n translations\n2067298 - Console 4.10 operand form refresh\n2067312 - PPT event source is lost when received by the consumer\n2067384 - OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25\n2067456 - OCP 4.11 should be firing APIRemovedInNextEUSReleaseInUse and APIRemovedInNextReleaseInUse for APIs removed in 1.25\n2067995 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling\n2068115 - resource tab extension fails to show up\n2068148 - [4.11] /etc/redhat-release symlink is broken\n2068180 - OCP UPI on AWS with STS enabled is breaking the Ingress operator\n2068181 - Event source powered with kamelet type source doesn\u0027t show associated deployment in resources tab\n2068490 - OLM descriptors integration test failing\n2068538 - Crashloop back-off popover visual spacing defects\n2068601 - Potential etcd inconsistent revision and data occurs\n2068613 - ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs\n2068908 - Manual blog link change needed\n2069068 - reconciling Prometheus Operator Deployment failed while upgrading from 4.7.46 to 4.8.35\n2069075 - [Alibaba 4.11.0-0.nightly] cluster storage component in Progressing state\n2069181 - Disabling community tasks is not working\n2069198 - Flaky CI test in e2e/pipeline-ci\n2069307 - oc mirror hangs when processing the Red Hat 4.10 catalog\n2069312 - extend rest mappings with \u0027job\u0027 definition\n2069457 - Ingress operator has superfluous finalizer deletion logic for LoadBalancer-type services\n2069577 - ConsolePlugin example proxy authorize is wrong\n2069612 - Special Resource Operator (SRO) - Crash when nodeSelector does not match any nodes\n2069632 - Not able to download previous container logs from console\n2069643 - ConfigMaps leftovers while uninstalling SpecialResource with configmap\n2069654 - Creating VMs with YAML on Openshift Virtualization UI is missing labels `flavor`, `os` and `workload`\n2069685 - UI crashes on load if a pinned resource model does not exist\n2069705 - prometheus target \"serviceMonitor/openshift-metallb-system/monitor-metallb-controller/0\" has a failure with \"server returned HTTP status 502 Bad Gateway\"\n2069740 - On-prem loadbalancer ports conflict with kube node port range\n2069760 - In developer perspective divider does not show up in navigation\n2069904 - Sync upstream 1.18.1 downstream\n2069914 - Application Launcher groupings are not case-sensitive\n2069997 - [4.11] should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2070000 - Add warning alerts for installing standalone k8s-nmstate\n2070020 - InContext doesn\u0027t work for Event Sources\n2070047 - Kuryr: Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured\n2070160 - Copy-to-clipboard and \u003cpre\u003e elements cause display issues for ACM dynamic plugins\n2070172 - SRO uses the chart\u0027s name as Helm release, not the SpecialResource\u0027s\n2070181 - [MAPO] serverGroupName ignored\n2070457 - Image vulnerability Popover overflows from the visible area\n2070674 - [GCP] Routes get timed out and nonresponsive after creating 2K service routes\n2070703 - some ipv6 network policy tests consistently failing\n2070720 - [UI] Filter reset doesn\u0027t work on Pods/Secrets/etc pages and complete list disappears\n2070731 - details switch label is not clickable on add page\n2070791 - [GCP]Image registry are crash on cluster with GCP workload identity enabled\n2070792 - service \"openshift-marketplace/marketplace-operator-metrics\" is not annotated with capability\n2070805 - ClusterVersion: could not download the update\n2070854 - cv.status.capabilities.enabledCapabilities doesn?t show the day-2 enabled caps when there are errors on resources update\n2070887 - Cv condition ImplicitlyEnabledCapabilities doesn?t complain about the disabled capabilities which is previously enabled\n2070888 - Cannot bind driver vfio-pci when apply sriovnodenetworkpolicy with type vfio-pci\n2070929 - OVN-Kubernetes: EgressIP breaks access from a pod with EgressIP to other host networked pods on different nodes\n2071019 - rebase vsphere csi driver 2.5\n2071021 - vsphere driver has snapshot support missing\n2071033 - conditionally relabel volumes given annotation not working - SELinux context match is wrong\n2071139 - Ingress pods scheduled on the same node\n2071364 - All image building tests are broken with \"            error: build error: attempting to convert BUILD_LOGLEVEL env var value \"\" to integer: strconv.Atoi: parsing \"\": invalid syntax\n2071578 - Monitoring navigation should not be shown if monitoring is not available (CRC)\n2071599 - RoleBidings are not getting updated for ClusterRole in OpenShift Web Console\n2071614 - Updating EgressNetworkPolicy rejecting with error UnsupportedMediaType\n2071617 - remove Kubevirt extensions in favour of dynamic plugin\n2071650 - ovn-k ovn_db_cluster metrics are not exposed for SNO\n2071691 - OCP Console global PatternFly overrides adds padding to breadcrumbs\n2071700 - v1 events show \"Generated from\" message without the source/reporting component\n2071715 - Shows 404 on Environment nav in Developer console\n2071719 - OCP Console global PatternFly overrides link button whitespace\n2071747 - Link to documentation from the overview page goes to a missing link\n2071761 - Translation Keys Are Not Namespaced\n2071799 - Multus CNI should exit cleanly on CNI DEL when the API server is unavailable\n2071859 - ovn-kube pods spec.dnsPolicy should be Default\n2071914 - cloud-network-config-controller 4.10.5:  Error building cloud provider client, err: %vfailed to initialize Azure environment: autorest/azure: There is no cloud environment matching the name \"\"\n2071998 - Cluster-version operator should share details of signature verification when it fails in \u0027Force: true\u0027 updates\n2072106 - cluster-ingress-operator tests do not build on go 1.18\n2072134 - Routes are not accessible within cluster from hostnet pods\n2072139 - vsphere driver has permissions to create/update PV objects\n2072154 - Secondary Scheduler operator panics\n2072171 - Test \"[sig-network][Feature:EgressFirewall] EgressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]\" fails\n2072195 - machine api doesn\u0027t issue client cert when AWS DNS suffix missing\n2072215 - Whereabouts ip-reconciler should be opt-in and not required\n2072389 - CVO exits upgrade immediately rather than waiting for etcd backup\n2072439 - openshift-cloud-network-config-controller reports wrong range of IP addresses for Azure worker nodes\n2072455 - make bundle overwrites supported-nic-ids_v1_configmap.yaml\n2072570 - The namespace titles for operator-install-single-namespace test keep changing\n2072710 - Perfscale - pods time out waiting for OVS port binding (ovn-installed)\n2072766 - Cluster Network Operator stuck in CrashLoopBackOff when scheduled to same master\n2072780 - OVN kube-master does not clear NetworkUnavailableCondition on GCP BYOH Windows node\n2072793 - Drop \"Used Filesystem\" from \"Virtualization -\u003e Overview\"\n2072805 - Observe \u003e Dashboards: $__range variables cause PromQL query errors\n2072807 - Observe \u003e Dashboards: Missing `panel.styles` attribute for table panels causes JS error\n2072842 - (release-4.11) Gather namespace names with overlapping UID ranges\n2072883 - sometimes monitoring dashboards charts can not be loaded successfully\n2072891 - Update gcp-pd-csi-driver to 1.5.1;\n2072911 - panic observed in kubedescheduler operator\n2072924 - periodic-ci-openshift-release-master-ci-4.11-e2e-azure-techpreview-serial\n2072957 - ContainerCreateError loop leads to several thousand empty logfiles in the file system\n2072998 - update aws-efs-csi-driver to the latest version\n2072999 - Navigate from logs of selected Tekton task instead of last one\n2073021 - [vsphere] Failed to update OS on master nodes\n2073112 - Prometheus (uwm) externalLabels not showing always in alerts. \n2073113 - Warning is logged to the console: W0407 Defaulting of registry auth file to \"${HOME}/.docker/config.json\" is deprecated. \n2073176 - removing data in form does not remove data from yaml editor\n2073197 - Error in Spoke/SNO agent: Source image rejected: A signature was required, but no signature exists\n2073329 - Pipelines-plugin- Having different title for Pipeline Runs tab, on Pipeline Details page it\u0027s \"PipelineRuns\" and on Repository Details page it\u0027s \"Pipeline Runs\". \n2073373 - Update azure-disk-csi-driver to 1.16.0\n2073378 - failed egressIP assignment - cloud-network-config-controller does not delete failed cloudprivateipconfig\n2073398 - machine-api-provider-openstack does not clean up OSP ports after failed server provisioning\n2073436 - Update azure-file-csi-driver to v1.14.0\n2073437 - Topology performance: Firehose/useK8sWatchResources cache can return unexpected data format if isList differs on multiple calls\n2073452 - [sig-network] pods should successfully create sandboxes by other - failed (add)\n2073473 - [OVN SCALE][ovn-northd] Unnecessary SB record no-op changes added to SB transaction. \n2073522 - Update ibm-vpc-block-csi-driver to v4.2.0\n2073525 - Update vpc-node-label-updater to v4.1.2\n2073901 - Installation failed due to etcd operator Err:DefragControllerDegraded: failed to dial endpoint https://10.0.0.7:2379 with maintenance client: context canceled\n2073937 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for UMW\n2073938 - APIRemovedInNextEUSReleaseInUse alert for runtimeclasses\n2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies\n2073972 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for platform monitoring\n2074009 - [OVN] ovn-northd doesn\u0027t clean Chassis_Private record after scale down to 0 a machineSet\n2074031 - Admins should be able to tune garbage collector aggressiveness (GOGC) for kube-apiserver if necessary\n2074062 - Node Tuning Operator(NTO) - Cloud provider profile rollback doesn\u0027t work well\n2074084 - CMO metrics not visible in the OCP webconsole UI\n2074100 - CRD filtering according to name broken\n2074210 - asia-south2, australia-southeast2, and southamerica-west1Missing from GCP regions\n2074237 - oc new-app --image-stream flag behavior is unclear\n2074243 - DefaultPlacement API allow empty enum value and remove default\n2074447 - cluster-dashboard: CPU Utilisation iowait and steal\n2074465 - PipelineRun fails in import from Git flow if \"main\" branch is default\n2074471 - Cannot delete namespace with a LB type svc and Kuryr when ExternalCloudProvider is enabled\n2074475 - [e2e][automation] kubevirt plugin cypress tests fail\n2074483 - coreos-installer doesnt work on Dell machines\n2074544 - e2e-metal-ipi-ovn-ipv6 failing due to recent CEO changes\n2074585 - MCG standalone deployment page goes blank when the KMS option is enabled\n2074606 - occm does not have permissions to annotate SVC objects\n2074612 - Operator fails to install due to service name lookup failure\n2074613 - nodeip-configuration container incorrectly attempts to relabel /etc/systemd/system\n2074635 - Unable to start Web Terminal after deleting existing instance\n2074659 - AWS installconfig ValidateForProvisioning always provides blank values to validate zone records\n2074706 - Custom EC2 endpoint is not considered by AWS EBS CSI driver\n2074710 - Transition to go-ovirt-client\n2074756 - Namespace column provide wrong data in ClusterRole Details -\u003e Rolebindings tab\n2074767 - Metrics page show incorrect values due to metrics level config\n2074807 - NodeFilesystemSpaceFillingUp alert fires even before kubelet GC kicks in\n2074902 - `oc debug node/nodename ? chroot /host somecommand` should exit with non-zero when the sub-command failed\n2075015 - etcd-guard connection refused event repeating pathologically (payload blocking)\n2075024 - Metal upgrades permafailing on metal3 containers crash looping\n2075050 - oc-mirror fails to calculate between two channels with different prefixes for the same version of OCP\n2075091 - Symptom Detection.Undiagnosed panic detected in pod\n2075117 - Developer catalog: Order dropdown (A-Z, Z-A) is miss-aligned (in a separate row)\n2075149 - Trigger Translations When Extensions Are Updated\n2075189 - Imports from dynamic-plugin-sdk lead to failed module resolution errors\n2075459 - Set up cluster on aws with rootvolumn io2 failed due to no iops despite it being configured\n2075475 - OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn\u0027t work\n2075478 - Bump documentationBaseURL to 4.11\n2075491 - nmstate operator cannot be upgraded on SNO\n2075575 - Local Dev Env - Prometheus 404 Call errors spam the console\n2075584 - improve clarity of build failure messages when using csi shared resources but tech preview is not enabled\n2075592 - Regression - Top of the web terminal drawer is missing a stroke/dropshadow\n2075621 - Cluster upgrade.[sig-mco] Machine config pools complete upgrade\n2075647 - \u0027oc adm upgrade ...\u0027 POSTs ClusterVersion, clobbering any unrecognized spec properties\n2075671 - Cluster Ingress Operator K8S API cache contains duplicate objects\n2075778 - Fix failing TestGetRegistrySamples test\n2075873 - Bump recommended FCOS to 35.20220327.3.0\n2076193 - oc patch command for the liveness probe and readiness probe parameters of an OpenShift router deployment doesn\u0027t take effect\n2076270 - [OCPonRHV] MachineSet scale down operation fails to delete the worker VMs\n2076277 - [RFE] [OCPonRHV] Add storage domain ID valueto Compute/ControlPlain section in the machine object\n2076290 - PTP operator readme missing documentation on BC setup via PTP config\n2076297 - Router process ignores shutdown signal while starting up\n2076323 - OLM blocks all operator installs if an openshift-marketplace catalogsource is unavailable\n2076355 - The KubeletConfigController wrongly process multiple confs for a pool after having kubeletconfig in bootstrap\n2076393 - [VSphere] survey fails to list datacenters\n2076521 - Nodes in the same zone are not updated in the right order\n2076527 - Pipeline Builder: Make unnecessary tekton hub API calls when the user types \u0027too fast\u0027\n2076544 - Whitespace (padding) is missing after an PatternFly update, already in 4.10\n2076553 - Project access view replace group ref with user ref when updating their Role\n2076614 - Missing Events component from the SDK API\n2076637 - Configure metrics for vsphere driver to be reported\n2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters\n2076793 - CVO exits upgrade immediately rather than waiting for etcd backup\n2076831 - [ocp4.11]Mem/cpu high utilization by apiserver/etcd for cluster stayed 10 hours\n2076877 - network operator tracker to switch to use flowcontrol.apiserver.k8s.io/v1beta2 instead v1beta1 to be deprecated in k8s 1.26\n2076880 - OKD: add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it\n2076975 - Metric unset during static route conversion in configure-ovs.sh\n2076984 - TestConfigurableRouteNoConsumingUserNoRBAC fails in CI\n2077050 - OCP should default to pd-ssd disk type on GCP\n2077150 - Breadcrumbs on a few screens don\u0027t have correct top margin spacing\n2077160 - Update owners for openshift/cluster-etcd-operator\n2077357 - [release-4.11] 200ms packet delay with OVN controller turn on\n2077373 - Accessibility warning on developer perspective\n2077386 - Import page shows untranslated values for the route advanced routing\u003esecurity options (devconsole~Edge)\n2077457 - failure in test case \"[sig-network][Feature:Router] The HAProxy router should serve the correct routes when running with the haproxy config manager\"\n2077497 - Rebase etcd to 3.5.3 or later\n2077597 - machine-api-controller is not taking the proxy configuration when it needs to reach the RHV API\n2077599 - OCP should alert users if they are on vsphere version \u003c7.0.2\n2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster\n2077797 - LSO pods don\u0027t have any resource requests\n2077851 - \"make vendor\" target is not working\n2077943 - If there is a service with multiple ports, and the route uses 8080, when editing the 8080 port isn\u0027t replaced, but a random port gets replaced and 8080 still stays\n2077994 - Publish RHEL CoreOS AMIs in AWS ap-southeast-3 region\n2078013 - drop multipathd.socket workaround\n2078375 - When using the wizard with template using data source the resulting vm use pvc source\n2078396 - [OVN AWS] EgressIP was not balanced to another egress node after original node was removed egress label\n2078431 - [OCPonRHV] - ERROR failed to instantiate provider \"openshift/local/ovirt\" to obtain schema:  ERROR fork/exec\n2078526 - Multicast breaks after master node reboot/sync\n2078573 - SDN CNI -Fail to create nncp when vxlan is up\n2078634 - CRI-O not killing Calico CNI stalled (zombie) processes. \n2078698 - search box may not completely remove content\n2078769 - Different not translated filter group names (incl. Secret, Pipeline, PIpelineRun)\n2078778 - [4.11] oc get ValidatingWebhookConfiguration,MutatingWebhookConfiguration fails and caused ?apiserver panic\u0027d...http2: panic serving xxx.xx.xxx.21:49748: cannot deep copy int? when AllRequestBodies audit-profile is used. \n2078781 - PreflightValidation does not handle multiarch images\n2078866 - [BM][IPI] Installation with bonds fail - DaemonSet \"openshift-ovn-kubernetes/ovnkube-node\" rollout is not making progress\n2078875 - OpenShift Installer fail to remove Neutron ports\n2078895 - [OCPonRHV]-\"cow\" unsupported value in format field in install-config.yaml\n2078910 - CNO spitting out \".spec.groups[0].rules[4].runbook_url: field not declared in schema\"\n2078945 - Ensure only one apiserver-watcher process is active on a node. \n2078954 - network-metrics-daemon makes costly global pod list calls scaling per node\n2078969 - Avoid update races between old and new NTO operands during cluster upgrades\n2079012 - egressIP not migrated to correct workers after deleting machineset it was assigned\n2079062 - Test for console demo plugin toast notification needs to be increased for ci testing\n2079197 - [RFE] alert when more than one default storage class is detected\n2079216 - Partial cluster update reference doc link returns 404\n2079292 - containers prometheus-operator/kube-rbac-proxy violate PodSecurity\n2079315 - (release-4.11) Gather ODF config data with Insights\n2079422 - Deprecated 1.25 API call\n2079439 - OVN Pods Assigned Same IP Simultaneously\n2079468 - Enhance the waitForIngressControllerCondition for better CI results\n2079500 - okd-baremetal-install uses fcos for bootstrap but rhcos for cluster\n2079610 - Opeatorhub status shows errors\n2079663 - change default image features in RBD storageclass\n2079673 - Add flags to disable migrated code\n2079685 - Storageclass creation page with \"Enable encryption\" is not displaying saved KMS connection details when vaulttenantsa details are available in csi-kms-details config\n2079724 - cluster-etcd-operator - disable defrag-controller as there is unpredictable impact on large OpenShift Container Platform 4 - Cluster\n2079788 - Operator restarts while applying the acm-ice example\n2079789 - cluster drops ImplicitlyEnabledCapabilities during upgrade\n2079803 - Upgrade-triggered etcd backup will be skip during serial upgrade\n2079805 - Secondary scheduler operator should comply to restricted pod security level\n2079818 - Developer catalog installation overlay (modal?) shows a duplicated padding\n2079837 - [RFE] Hub/Spoke example with daemonset\n2079844 - EFS cluster csi driver status stuck in AWSEFSDriverCredentialsRequestControllerProgressing with sts installation\n2079845 - The Event Sinks catalog page now has a blank space on the left\n2079869 - Builds for multiple kernel versions should be ran in parallel when possible\n2079913 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN endpointslices\n2079961 - The search results accordion has no spacing between it and the side navigation bar. \n2079965 - [rebase v1.24]  [sig-node] PodOSRejection [NodeConformance] Kubelet should reject pod when the node OS doesn\u0027t match pod\u0027s OS [Suite:openshift/conformance/parallel] [Suite:k8s]\n2080054 - TAGS arg for installer-artifacts images is not propagated to build images\n2080153 - aws-load-balancer-operator-controller-manager pod stuck in ContainerCreating status\n2080197 - etcd leader changes produce test churn during early stage of test\n2080255 - EgressIP broken on AWS with OpenShiftSDN / latest nightly build\n2080267 - [Fresh Installation] Openshift-machine-config-operator namespace is flooded with events related to clusterrole, clusterrolebinding\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2080379 - Group all e2e tests as parallel or serial\n2080387 - Visual connector not appear between the node if a node get created using \"move connector\" to a different application\n2080416 - oc bash-completion problem\n2080429 - CVO must ensure non-upgrade related changes are saved when desired payload fails to load\n2080446 - Sync ironic images with latest bug fixes packages\n2080679 - [rebase v1.24] [sig-cli] test failure\n2080681 - [rebase v1.24]  [sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel]\n2080687 - [rebase v1.24]  [sig-network][Feature:Router] tests are failing\n2080873 - Topology graph crashes after update to 4.11 when Layout 2 (ColaForce) was selected previously\n2080964 - Cluster operator special-resource-operator is always in Failing state with reason: \"Reconciling simple-kmod\"\n2080976 - Avoid hooks config maps when hooks are empty\n2081012 - [rebase v1.24]  [sig-devex][Feature:OpenShiftControllerManager] TestAutomaticCreationOfPullSecrets [Suite:openshift/conformance/parallel]\n2081018 - [rebase v1.24] [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available\n2081021 - [rebase v1.24] [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources\n2081062 - Unrevert RHCOS back to 8.6\n2081067 - admin dev-console /settings/cluster should point out history may be excerpted\n2081069 - [sig-network] pods should successfully create sandboxes by adding pod to network\n2081081 - PreflightValidation \"odd number of arguments passed as key-value pairs for logging\" error\n2081084 - [rebase v1.24] [sig-instrumentation] Events API should ensure that an event can be fetched, patched, deleted, and listed\n2081087 - [rebase v1.24] [sig-auth] ServiceAccounts should allow opting out of API token automount\n2081119 - `oc explain` output of default overlaySize is outdated\n2081172 - MetallLB: YAML view in webconsole does not show all the available key value pairs of all the objects\n2081201 - cloud-init User check for Windows VM refuses to accept capitalized usernames\n2081447 - Ingress operator performs spurious updates in response to API\u0027s defaulting of router deployment\u0027s router container\u0027s ports\u0027 protocol field\n2081562 - lifecycle.posStart hook does not have network connectivity. \n2081685 - Typo in NNCE Conditions\n2081743 - [e2e] tests failing\n2081788 - MetalLB: the crds are not validated until metallb is deployed\n2081821 - SpecialResourceModule CRD is not installed after deploying SRO operator using brew bundle image via OLM\n2081895 - Use the managed resource (and not the manifest) for resource health checks\n2081997 - disconnected insights operator remains degraded after editing pull secret\n2082075 - Removing huge amount of ports takes a lot of time. \n2082235 - CNO exposes a generic apiserver that apparently does nothing\n2082283 - Transition to new oVirt Terraform provider\n2082360 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni\n2082380 - [4.10.z] customize wizard is crashed\n2082403 - [LSO] No new build local-storage-operator-metadata-container created\n2082428 - oc patch healthCheckInterval with invalid \"5 s\" to the ingress-controller successfully\n2082441 - [UPI] aws-load-balancer-operator-controller-manager failed to get VPC ID in UPI on AWS\n2082492 - [IPI IBM]Can\u0027t create image-registry-private-configuration secret with error \"specified resource key credentials does not contain HMAC keys\"\n2082535 - [OCPonRHV]-workers are cloned when \"clone: false\" is specified in install-config.yaml\n2082538 - apirequests limits of Cluster CAPI Operator are too low for GCP platform\n2082566 - OCP dashboard fails to load when the query to Prometheus takes more than 30s to return\n2082604 - [IBMCloud][x86_64] IBM VPC does not properly support RHCOS Custom Image tagging\n2082667 - No new machines provisioned while machineset controller drained old nodes for change to machineset\n2082687 - [IBM Cloud][x86_64][CCCMO] IBM x86_64 CCM using unsupported --port argument\n2082763 - Cluster install stuck on the applying for operatorhub \"cluster\"\n2083149 - \"Update blocked\" label incorrectly displays on new minor versions in the \"Other available paths\" modal\n2083153 - Unable to use application credentials for Manila PVC creation on OpenStack\n2083154 - Dynamic plugin sdk tsdoc generation does not render docs for parameters\n2083219 - DPU network operator doesn\u0027t deal with c1... inteface names\n2083237 - [vsphere-ipi] Machineset scale up process delay\n2083299 - SRO does not fetch mirrored DTK images in disconnected clusters\n2083445 - [FJ OCP4.11 Bug]: RAID setting during IPI cluster deployment fails if iRMC port number is specified\n2083451 - Update external serivces URLs to console.redhat.com\n2083459 - Make numvfs \u003e totalvfs error message more verbose\n2083466 - Failed to create clusters on AWS C2S/SC2S due to image-registry MissingEndpoint error\n2083514 - Operator ignores managementState Removed\n2083641 - OpenShift Console Knative Eventing ContainerSource generates wrong api version when pointed to k8s Service\n2083756 - Linkify not upgradeable message on ClusterSettings page\n2083770 - Release image signature manifest filename extension is yaml\n2083919 - openshift4/ose-operator-registry:4.10.0 having security vulnerabilities\n2083942 - Learner promotion can temporarily fail with rpc not supported for learner errors\n2083964 - Sink resources dropdown is not persisted in form yaml switcher in event source creation form\n2083999 - \"--prune-over-size-limit\" is not working as expected\n2084079 - prometheus route is not updated to \"path: /api\" after upgrade from 4.10 to 4.11\n2084081 - nmstate-operator installed cluster on POWER shows issues while adding new dhcp interface\n2084124 - The Update cluster modal includes a broken link\n2084215 - Resource configmap \"openshift-machine-api/kube-rbac-proxy\" is defined by 2 manifests\n2084249 - panic in ovn pod from an e2e-aws-single-node-serial nightly run\n2084280 - GCP API Checks Fail if non-required APIs are not enabled\n2084288 - \"alert/Watchdog must have no gaps or changes\" failing after bump\n2084292 - Access to dashboard resources is needed in dynamic plugin SDK\n2084331 - Resource with multiple capabilities included unless all capabilities are disabled\n2084433 - Podsecurity violation error getting logged for ingresscontroller during deployment. \n2084438 - Change Ping source spec.jsonData (deprecated) field  to spec.data\n2084441 - [IPI-Azure]fail to check the vm capabilities in install cluster\n2084459 - Topology list view crashes when switching from chart view after moving sink from knative service to uri\n2084463 - 5 control plane replica tests fail on ephemeral volumes\n2084539 - update azure arm templates to support customer provided vnet\n2084545 - [rebase v1.24] cluster-api-operator causes all techpreview tests to fail\n2084580 - [4.10] No cluster name sanity validation - cluster name with a dot (\".\") character\n2084615 - Add to navigation option on search page is not properly aligned\n2084635 - PipelineRun creation from the GUI for a Pipeline with 2 workspaces hardcode the PVC storageclass\n2084732 - A special resource that was created in OCP 4.9 can\u0027t be deleted after an upgrade to 4.10\n2085187 - installer-artifacts fails to build with go 1.18\n2085326 - kube-state-metrics is tripping APIRemovedInNextEUSReleaseInUse\n2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated\n2085380 - [IPI-Azure] Incorrect error prompt validate VM image and instance HyperV gen match when install cluster\n2085407 - There is no Edit link/icon for labels on Node details page\n2085721 - customization controller image name is wrong\n2086056 - Missing doc for OVS HW offload\n2086086 - Update Cluster Sample Operator dependencies and libraries for OCP 4.11\n2086092 - update kube to v.24\n2086143 - CNO uses too much memory\n2086198 - Cluster CAPI Operator creates unnecessary defaulting webhooks\n2086301 - kubernetes nmstate pods are not running after creating instance\n2086408 - Podsecurity violation error getting logged for  externalDNS operand pods during deployment\n2086417 - Pipeline created from add flow has GIT Revision as required field\n2086437 - EgressQoS CRD not available\n2086450 - aws-load-balancer-controller-cluster pod logged Podsecurity violation error during deployment\n2086459 - oc adm inspect fails when one of resources not exist\n2086461 - CNO probes MTU unnecessarily in Hypershift, making cluster startup take too long\n2086465 - External identity providers should log login attempts in the audit trail\n2086469 - No data about title \u0027API Request Duration by Verb - 99th Percentile\u0027 display on the dashboard \u0027API Performance\u0027\n2086483 - baremetal-runtimecfg k8s dependencies should be on a par with 1.24 rebase\n2086505 - Update oauth-server images to be consistent with ART\n2086519 - workloads must comply to restricted security policy\n2086521 - Icons of Knative actions are not clearly visible on the context menu in the dark mode\n2086542 - Cannot create service binding through drag and drop\n2086544 - ovn-k master daemonset on hypershift shouldn\u0027t log token\n2086546 - Service binding connector is not visible in the dark mode\n2086718 - PowerVS destroy code does not work\n2086728 - [hypershift] Move drain to controller\n2086731 - Vertical pod autoscaler operator needs a 4.11 bump\n2086734 - Update csi driver images to be consistent with ART\n2086737 - cloud-provider-openstack rebase to kubernetes v1.24\n2086754 - Cluster resource override operator needs a 4.11 bump\n2086759 - [IPI] OCP-4.11 baremetal - boot partition is not mounted on temporary directory\n2086791 - Azure: Validate UltraSSD instances in multi-zone regions\n2086851 - pods with multiple external gateways may only be have ECMP routes for one gateway\n2086936 - vsphere ipi should use cores by default instead of sockets\n2086958 - flaky e2e in kube-controller-manager-operator TestPodDisruptionBudgetAtLimitAlert\n2086959 - flaky e2e in kube-controller-manager-operator TestLogLevel\n2086962 - oc-mirror publishes metadata with --dry-run when publishing to mirror\n2086964 - oc-mirror fails on differential run when mirroring a package with multiple channels specified\n2086972 - oc-mirror does not error invalid metadata is passed to the describe command\n2086974 - oc-mirror does not work with headsonly for operator 4.8\n2087024 - The oc-mirror result mapping.txt is not correct , can?t be used by `oc image mirror` command\n2087026 - DTK\u0027s imagestream is missing from OCP 4.11 payload\n2087037 - Cluster Autoscaler should use K8s 1.24 dependencies\n2087039 - Machine API components should use K8s 1.24 dependencies\n2087042 - Cloud providers components should use K8s 1.24 dependencies\n2087084 - remove unintentional nic support\n2087103 - \"Updating to release image\" from \u0027oc\u0027 should point out that the cluster-version operator hasn\u0027t accepted the update\n2087114 - Add simple-procfs-kmod in modprobe example in README.md\n2087213 - Spoke BMH stuck \"inspecting\" when deployed via ZTP in 4.11 OCP hub\n2087271 - oc-mirror does not check for existing workspace when performing mirror2mirror synchronization\n2087556 - Failed to render DPU ovnk manifests\n2087579 - ` --keep-manifest-list=true` does not work for `oc adm release new` , only pick up the linux/amd64 manifest from the manifest list\n2087680 - [Descheduler] Sync with sigs.k8s.io/descheduler\n2087684 - KCMO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile\n2087685 - KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile\n2087687 - MCO does not generate event when user applies Default -\u003e LowUpdateSlowReaction WorkerLatencyProfile\n2087764 - Rewrite the registry backend will hit error\n2087771 - [tracker] NetworkManager 1.36.0 loses DHCP lease and doesn\u0027t try again\n2087772 - Bindable badge causes some layout issues with the side panel of bindable operator backed services\n2087942 - CNO references images that are divergent from ART\n2087944 - KafkaSink Node visualized incorrectly\n2087983 - remove etcd_perf before restore\n2087993 - PreflightValidation many \"msg\":\"TODO: preflight checks\" in the operator log\n2088130 - oc-mirror init does not allow for automated testing\n2088161 - Match dockerfile image name with the name used in the release repo\n2088248 - Create HANA VM does not use values from customized HANA templates\n2088304 - ose-console: enable source containers for open source requirements\n2088428 - clusteroperator/baremetal stays in progressing: Applying metal3 resources state on a fresh install\n2088431 - AvoidBuggyIPs field of addresspool should be removed\n2088483 - oc adm catalog mirror returns 0 even if there are errors\n2088489 - Topology list does not allow selecting an application group anymore (again)\n2088533 - CRDs for openshift.io should have subresource.status failes on sharedconfigmaps.sharedresource and sharedsecrets.sharedresource\n2088535 - MetalLB: Enable debug log level for downstream CI\n2088541 - Default CatalogSources in openshift-marketplace namespace keeps throwing pod security admission warnings `would violate PodSecurity \"restricted:v1.24\"`\n2088561 - BMH unable to start inspection: File name too long\n2088634 - oc-mirror does not fail when catalog is invalid\n2088660 - Nutanix IPI installation inside container failed\n2088663 - Better to change the default value of --max-per-registry to 6\n2089163 - NMState CRD out of sync with code\n2089191 - should remove grafana from cluster-monitoring-config configmap in hypershift cluster\n2089224 - openshift-monitoring/cluster-monitoring-config configmap always revert to default setting\n2089254 - CAPI operator: Rotate token secret if its older than 30 minutes\n2089276 - origin tests for egressIP and azure fail\n2089295 - [Nutanix]machine stuck in Deleting phase when delete a machineset whose replicas\u003e=2 and machine is Provisioning phase on Nutanix\n2089309 - [OCP 4.11] Ironic inspector image fails to clean disks that are part of a multipath setup if they are passive paths\n2089334 - All cloud providers should use service account credentials\n2089344 - Failed to deploy simple-kmod\n2089350 - Rebase sdn to 1.24\n2089387 - LSO not taking mpath. ignoring device\n2089392 - 120 node baremetal upgrade from 4.9.29 --\u003e 4.10.13  crashloops on machine-approver\n2089396 - oc-mirror does not show pruned image plan\n2089405 - New topology package shows gray build icons instead of green/red icons for builds and pipelines\n2089419 - do not block 4.10 to 4.11 upgrades if an existing CSI driver is found. Instead, warn about presence of third party CSI driver\n2089488 - Special resources are missing the managementState field\n2089563 - Update Power VS MAPI to use api\u0027s from openshift/api repo\n2089574 - UWM prometheus-operator pod can\u0027t start up due to no master node in hypershift cluster\n2089675 - Could not move Serverless Service without Revision (or while starting?)\n2089681 - [Hypershift] EgressIP doesn\u0027t work in hypershift guest cluster\n2089682 - Installer expects all nutanix subnets to have a cluster reference which is not the case for e.g. overlay networks\n2089687 - alert message of MCDDrainError needs to be updated for new drain controller\n2089696 - CR reconciliation is stuck in daemonset lifecycle\n2089716 - [4.11][reliability]one worker node became NotReady on which ovnkube-node pod\u0027s memory increased sharply\n2089719 - acm-simple-kmod fails to build\n2089720 - [Hypershift] ICSP doesn\u0027t work for the guest cluster\n2089743 - acm-ice fails to deploy: helm chart does not appear to be a gzipped archive\n2089773 - Pipeline status filter and status colors doesn\u0027t work correctly with non-english languages\n2089775 - keepalived can keep ingress VIP on wrong node under certain circumstances\n2089805 - Config duration metrics aren\u0027t exposed\n2089827 - MetalLB CI - backward compatible tests are failing due to the order of delete\n2089909 - PTP e2e testing not working on SNO cluster\n2089918 - oc-mirror skip-missing still returns 404 errors when images do not exist\n2089930 - Bump OVN to 22.06\n2089933 - Pods do not post readiness status on termination\n2089968 - Multus CNI daemonset should use hostPath mounts with type: directory\n2089973 - bump libs to k8s 1.24 for OCP 4.11\n2089996 - Unnecessary yarn install runs in e2e tests\n2090017 - Enable source containers to meet open source requirements\n2090049 - destroying GCP cluster which has a compute node without infra id in name would fail to delete 2 k8s firewall-rules and VPC network\n2090092 - Will hit error if specify the channel not the latest\n2090151 - [RHEL scale up] increase the wait time so that the node has enough time to get ready\n2090178 - VM SSH command generated by UI points at api VIP\n2090182 - [Nutanix]Create a machineset with invalid image, machine stuck in \"Provisioning\" phase\n2090236 - Only reconcile annotations and status for clusters\n2090266 - oc adm release extract is failing on mutli arch image\n2090268 - [AWS EFS] Operator not getting installed successfully on Hypershift Guest cluster\n2090336 - Multus logging should be disabled prior to release\n2090343 - Multus debug logging should be enabled temporarily for debugging podsandbox creation failures. \n2090358 - Initiating drain log message is displayed before the drain actually starts\n2090359 - Nutanix mapi-controller: misleading error message when the failure is caused by wrong credentials\n2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z]\n2090430 - gofmt code\n2090436 - It takes 30min-60min to update the machine count in custom MachineConfigPools (MCPs) when a node is removed from the pool\n2090437 - Bump CNO to k8s 1.24\n2090465 - golang version mismatch\n2090487 - Change default SNO Networking Type and disallow OpenShiftSDN a supported networking Type\n2090537 - failure in ovndb migration when db is not ready in HA mode\n2090549 - dpu-network-operator shall be able to run on amd64 arch platform\n2090621 - Metal3 plugin does not work properly with updated NodeMaintenance CRD\n2090627 - Git commit and branch are empty in MetalLB log\n2090692 - Bump to latest 1.24 k8s release\n2090730 - must-gather should include multus logs. \n2090731 - nmstate deploys two instances of webhook on a single-node cluster\n2090751 - oc image mirror skip-missing flag does not skip images\n2090755 - MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers\n2090774 - Add Readme to plugin directory\n2090794 - MachineConfigPool cannot apply a configuration after fixing the pods that caused a drain alert\n2090809 - gm.ClockClass  invalid syntax parse error in linux ptp daemon logs\n2090816 - OCP 4.8 Baremetal IPI installation failure: \"Bootstrap failed to complete: timed out waiting for the condition\"\n2090819 - oc-mirror does not catch invalid registry input when a namespace is specified\n2090827 - Rebase CoreDNS to 1.9.2 and k8s 1.24\n2090829 - Bump OpenShift router to k8s 1.24\n2090838 - Flaky test: ignore flapping host interface \u0027tunbr\u0027\n2090843 - addLogicalPort() performance/scale optimizations\n2090895 - Dynamic plugin nav extension \"startsWith\" property does not work\n2090929 - [etcd] cluster-backup.sh script has a conflict to use the \u0027/etc/kubernetes/static-pod-certs\u0027 folder if a custom API certificate is defined\n2090993 - [AI Day2] Worker node overview page crashes in Openshift console with TypeError\n2091029 - Cancel rollout action only appears when rollout is completed\n2091030 - Some BM may fail booting with default bootMode strategy\n2091033 - [Descheduler]: provide ability to override included/excluded namespaces\n2091087 - ODC Helm backend Owners file needs updates\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091167 - IPsec runtime enabling not work in hypershift\n2091218 - Update Dev Console Helm backend to use helm 3.9.0\n2091433 - Update AWS instance types\n2091542 - Error Loading/404 not found page shown after clicking \"Current namespace only\"\n2091547 - Internet connection test with proxy permanently fails\n2091567 - oVirt CSI driver should use latest go-ovirt-client\n2091595 - Alertmanager configuration can\u0027t use OpsGenie\u0027s entity field when AlertmanagerConfig is enabled\n2091599 - PTP Dual Nic  | Extend Events 4.11 - Up/Down master interface affects all the other interface in the same NIC accoording the events and metric\n2091603 - WebSocket connection restarts when switching tabs in WebTerminal\n2091613 - simple-kmod fails to build due to missing KVC\n2091634 - OVS 2.15 stops handling traffic once ovs-dpctl(2.17.2) is used against it\n2091730 - MCO e2e tests are failing with \"No token found in openshift-monitoring secrets\"\n2091746 - \"Oh no! Something went wrong\" shown after user creates MCP without \u0027spec\u0027\n2091770 - CVO gets stuck downloading an upgrade, with the version pod complaining about invalid options\n2091854 - clusteroperator status filter doesn\u0027t match all values in Status column\n2091901 - Log stream paused right after updating log lines in Web Console in OCP4.10\n2091902 - unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server has received too many requests and has asked us to try again later\n2091990 - wrong external-ids for ovn-controller lflow-cache-limit-kb\n2092003 - PR 3162 | BZ 2084450 - invalid URL schema for AWS causes tests to perma fail and break the cloud-network-config-controller\n2092041 - Bump cluster-dns-operator to k8s 1.24\n2092042 - Bump cluster-ingress-operator to k8s 1.24\n2092047 - Kube 1.24 rebase for cloud-network-config-controller\n2092137 - Search doesn\u0027t show all entries when name filter is cleared\n2092296 - Change Default MachineCIDR of Power VS Platform from 10.x to 192.168.0.0/16\n2092390 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and \u0027Overview\u0027 tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown\n2092395 - etcdHighNumberOfFailedGRPCRequests alerts with wrong results\n2092408 - Wrong icon is used in the virtualization overview permissions card\n2092414 - In virtualization overview \"running vm per templates\" template list can be improved\n2092442 - Minimum time between drain retries is not the expected one\n2092464 - marketplace catalog defaults to v4.10\n2092473 - libovsdb performance backports\n2092495 - ovn: use up to 4 northd threads in non-SNO clusters\n2092502 - [azure-file-csi-driver] Stop shipping a NFS StorageClass\n2092509 - Invalid memory address error if non existing caBundle is configured in DNS-over-TLS using ForwardPlugins\n2092572 - acm-simple-kmod chart should create the namespace on the spoke cluster\n2092579 - Don\u0027t retry pod deletion if objects are not existing\n2092650 - [BM IPI with Provisioning Network] Worker nodes are not provisioned: ironic-agent is stuck before writing into disks\n2092703 - Incorrect mount propagation information in container status\n2092815 - can\u0027t delete the unwanted image from registry by oc-mirror\n2092851 - [Descheduler]: allow to customize the LowNodeUtilization strategy thresholds\n2092867 - make repository name unique in acm-ice/acm-simple-kmod examples\n2092880 - etcdHighNumberOfLeaderChanges returns incorrect number of leadership changes\n2092887 - oc-mirror list releases command uses filter-options flag instead of filter-by-os\n2092889 - Incorrect updating of EgressACLs using direction \"from-lport\"\n2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)\n2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)\n2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)\n2092928 - CVE-2022-26945 go-getter: command injection vulnerability\n2092937 - WebScale: OVN-k8s forwarding to external-gw over the secondary interfaces failing\n2092966 - [OCP 4.11] [azure] /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n2093044 - Azure machine-api-provider-azure Availability Set Name Length Limit\n2093047 - Dynamic Plugins: Generated API markdown duplicates `checkAccess` and `useAccessReview` doc\n2093126 - [4.11] Bootimage bump tracker\n2093236 - DNS operator stopped reconciling after 4.10 to 4.11 upgrade | 4.11 nightly to 4.11 nightly upgrade\n2093288 - Default catalogs fails liveness/readiness probes\n2093357 - Upgrading sno spoke with acm-ice, causes the sno to get unreachable\n2093368 - Installer orphans FIPs created for LoadBalancer Services on `cluster destroy`\n2093396 - Remove node-tainting for too-small MTU\n2093445 - ManagementState reconciliation breaks SR\n2093454 - Router proxy protocol doesn\u0027t work with dual-stack (IPv4 and IPv6) clusters\n2093462 - Ingress Operator isn\u0027t reconciling the ingress cluster operator object\n2093586 - Topology: Ctrl+space opens the quick search modal, but doesn\u0027t close it again\n2093593 - Import from Devfile shows configuration options that shoudn\u0027t be there\n2093597 - Import: Advanced option sentence is splited into two parts and headlines has no padding\n2093600 - Project access tab should apply new permissions before it delete old ones\n2093601 - Project access page doesn\u0027t allow the user to update the settings twice (without manually reload the content)\n2093783 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.24\n2093797 - \u0027oc registry login\u0027 with serviceaccount function need update\n2093819 - An etcd member for a new machine was never added to the cluster\n2093930 - Gather console helm install  totals metric\n2093957 - Oc-mirror write dup metadata to registry backend\n2093986 - Podsecurity violation error getting logged for pod-identity-webhook\n2093992 - Cluster version operator acknowledges upgrade failing on periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-upgrade-ovn-ipv6\n2094023 - Add Git Flow - Template Labels for Deployment show as DeploymentConfig\n2094024 - bump oauth-apiserver deps to include 1.23.1 k8s that fixes etcd blips\n2094039 - egressIP panics with nil pointer dereference\n2094055 - Bump coreos-installer for s390x Secure Execution\n2094071 - No runbook created for SouthboundStale alert\n2094088 - Columns in NBDB may never be updated by OVNK\n2094104 - Demo dynamic plugin image tests should be skipped when testing console-operator\n2094152 - Alerts in the virtualization overview status card aren\u0027t filtered\n2094196 - Add default and validating webhooks for Power VS MAPI\n2094227 - Topology: Create Service Binding should not be the last option (even under delete)\n2094239 - custom pool Nodes with 0 nodes are always populated in progress bar\n2094303 - If og is configured with sa, operator installation will be failed. \n2094335 - [Nutanix] - debug logs are enabled by default in machine-controller\n2094342 - apirequests limits of Cluster CAPI Operator are too low for Azure platform\n2094438 - Make AWS URL parsing more lenient for GetNodeEgressIPConfiguration\n2094525 - Allow automatic upgrades for efs operator\n2094532 - ovn-windows CI jobs are broken\n2094675 - PTP Dual Nic  | Extend Events 4.11 - when kill the phc2sys We have notification for the ptp4l physical master moved to free run\n2094694 - [Nutanix] No cluster name sanity validation - cluster name with a dot (\".\") character\n2094704 - Verbose log activated on kube-rbac-proxy in deployment prometheus-k8s\n2094801 - Kuryr controller keep restarting when handling IPs with leading zeros\n2094806 - Machine API oVrit component should use K8s 1.24 dependencies\n2094816 - Kuryr controller restarts when over quota\n2094833 - Repository overview page does not show default PipelineRun template for developer user\n2094857 - CloudShellTerminal loops indefinitely if DevWorkspace CR goes into failed state\n2094864 - Rebase CAPG to latest changes\n2094866 - oc-mirror does not always delete all manifests associated with an image during pruning\n2094896 - Run \u0027openshift-install agent create image\u0027 has segfault exception if cluster-manifests directory missing\n2094902 - Fix installer cross-compiling\n2094932 - MGMT-10403 Ingress should enable single-node cluster expansion on upgraded clusters\n2095049 - managed-csi StorageClass does not create PVs\n2095071 - Backend tests fails after devfile registry update\n2095083 - Observe \u003e Dashboards: Graphs may change a lot on automatic refresh\n2095110 - [ovn] northd container termination script must use bash\n2095113 - [ovnkube] bump to openvswitch2.17-2.17.0-22.el8fdp\n2095226 - Added changes to verify cloud connection and dhcpservices quota of a powervs instance\n2095229 - ingress-operator pod in CrashLoopBackOff in 4.11 after upgrade starting in 4.6 due to go panic\n2095231 - Kafka Sink sidebar in topology is empty\n2095247 - Event sink form doesn\u0027t show channel as sink until app is refreshed\n2095248 - [vSphere-CSI-Driver] does not report volume count limits correctly caused pod with multi volumes maybe schedule to not satisfied volume count node\n2095256 - Samples Owner needs to be Updated\n2095264 - ovs-configuration.service fails with Error: Failed to modify connection \u0027ovs-if-br-ex\u0027: failed to update connection: error writing to file \u0027/etc/NetworkManager/systemConnectionsMerged/ovs-if-br-ex.nmconnection\u0027\n2095362 - oVirt CSI driver operator should use latest go-ovirt-client\n2095574 - e2e-agnostic CI job fails\n2095687 - Debug Container shown for build logs and on click ui breaks\n2095703 - machinedeletionhooks doesn\u0027t work in vsphere cluster and BM cluster\n2095716 - New PSA component for Pod Security Standards enforcement is refusing openshift-operators ns\n2095756 - CNO panics with concurrent map read/write\n2095772 - Memory requests for ovnkube-master containers are over-sized\n2095917 - Nutanix set osDisk with diskSizeGB rather than diskSizeMiB\n2095941 - DNS Traffic not kept local to zone or node when Calico SDN utilized\n2096053 - Builder Image icons in Git Import flow are hard to see in Dark mode\n2096226 - crio fails to bind to tentative IP, causing service failure since RHOCS was rebased on RHEL 8.6\n2096315 - NodeClockNotSynchronising alert\u0027s severity should be critical\n2096350 - Web console doesn\u0027t display webhook errors for upgrades\n2096352 - Collect whole journal in gather\n2096380 - acm-simple-kmod references deprecated KVC example\n2096392 - Topology node icons are not properly visible in Dark mode\n2096394 - Add page Card items background color does not match with column background color in Dark mode\n2096413 - br-ex not created due to default bond interface having a different mac address than expected\n2096496 - FIPS issue on OCP SNO with RT Kernel via performance profile\n2096605 - [vsphere] no validation checking for diskType\n2096691 - [Alibaba 4.11] Specifying ResourceGroup id in install-config.yaml, New pv are still getting created to default ResourceGroups\n2096855 - `oc adm release new` failed with error when use  an existing  multi-arch release image as input\n2096905 - Openshift installer should not use the prism client embedded in nutanix terraform provider\n2096908 - Dark theme issue in pipeline builder, Helm rollback form, and Git import\n2097000 - KafkaConnections disappear from Topology after creating KafkaSink in Topology\n2097043 - No clean way to specify operand issues to KEDA OLM operator\n2097047 - MetalLB:  matchExpressions used in CR like L2Advertisement, BGPAdvertisement, BGPPeers allow duplicate entries\n2097067 - ClusterVersion history pruner does not always retain initial completed update entry\n2097153 - poor performance on API call to vCenter ListTags with thousands of tags\n2097186 - PSa autolabeling in 4.11 env upgraded from 4.10 does not work due to missing RBAC objects\n2097239 - Change Lower CPU limits for Power VS cloud\n2097246 - Kuryr: verify and unit jobs failing due to upstream OpenStack dropping py36 support\n2097260 - openshift-install create manifests failed for Power VS platform\n2097276 - MetalLB CI deploys the operator via manifests and not using the csv\n2097282 - chore: update external-provisioner to the latest upstream release\n2097283 - chore: update external-snapshotter to the latest upstream release\n2097284 - chore: update external-attacher to the latest upstream release\n2097286 - chore: update node-driver-registrar to the latest upstream release\n2097334 - oc plugin help shows \u0027kubectl\u0027\n2097346 - Monitoring must-gather doesn\u0027t seem to be working anymore in 4.11\n2097400 - Shared Resource CSI Driver needs additional permissions for validation webhook\n2097454 - Placeholder bug for OCP 4.11.0 metadata release\n2097503 - chore: rebase against latest external-resizer\n2097555 - IngressControllersNotUpgradeable: load balancer service has been modified; changes must be reverted before upgrading\n2097607 - Add Power VS support to Webhooks tests in actuator e2e test\n2097685 - Ironic-agent can\u0027t restart because of existing container\n2097716 - settings under httpConfig is dropped with AlertmanagerConfig v1beta1\n2097810 - Required Network tools missing for Testing e2e PTP\n2097832 - clean up unused IPv6DualStackNoUpgrade feature gate\n2097940 - openshift-install destroy cluster traps if vpcRegion not specified\n2097954 - 4.11 installation failed at monitoring and network clusteroperators with error \"conmon: option parsing failed: Unknown option --log-global-size-max\" making all jobs failing\n2098172 - oc-mirror does not validatethe registry in the storage config\n2098175 - invalid license in python-dataclasses-0.8-2.el8 spec\n2098177 - python-pint-0.10.1-2.el8 has unused Patch0 in spec file\n2098242 - typo in SRO specialresourcemodule\n2098243 - Add error check to Platform create for Power VS\n2098392 - [OCP 4.11] Ironic cannot match \"wwn\" rootDeviceHint for a multipath device\n2098508 - Control-plane-machine-set-operator report panic\n2098610 - No need to check the push permission with ?manifests-only option\n2099293 - oVirt cluster API provider should use latest go-ovirt-client\n2099330 - Edit application grouping is shown to user with view only access in a cluster\n2099340 - CAPI e2e tests for AWS are missing\n2099357 - ovn-kubernetes needs explicit RBAC coordination leases for 1.24 bump\n2099358 - Dark mode+Topology update: Unexpected selected+hover border and background colors for app groups\n2099528 - Layout issue: No spacing in delete modals\n2099561 - Prometheus returns HTTP 500 error on /favicon.ico\n2099582 - Format and update Repository overview content\n2099611 - Failures on etcd-operator watch channels\n2099637 - Should print error when use --keep-manifest-list\\xfalse for manifestlist image\n2099654 - Topology performance: Endless rerender loop when showing a Http EventSink (KameletBinding)\n2099668 - KubeControllerManager should degrade when GC stops working\n2099695 - Update CAPG after rebase\n2099751 - specialresourcemodule stacktrace while looping over build status\n2099755 - EgressIP node\u0027s mgmtIP reachability configuration option\n2099763 - Update icons for event sources and sinks in topology, Add page, and context menu\n2099811 - UDP Packet loss in OpenShift using IPv6 [upcall]\n2099821 - exporting a pointer for the loop variable\n2099875 - The speaker won\u0027t start if there\u0027s another component on the host listening on 8080\n2099899 - oc-mirror looks for layers in the wrong repository when searching for release images during publishing\n2099928 - [FJ OCP4.11 Bug]: Add unit tests to image_customization_test file\n2099968 - [Azure-File-CSI] failed to provisioning volume in ARO cluster\n2100001 - Sync upstream v1.22.0 downstream\n2100007 - Run bundle-upgrade failed from the traditional File-Based Catalog installed operator\n2100033 - OCP 4.11 IPI - Some csr remain \"Pending\" post deployment\n2100038 - failure to update special-resource-lifecycle table during update Event\n2100079 - SDN needs explicit RBAC coordination leases for 1.24 bump\n2100138 - release info --bugs has no differentiator between Jira and Bugzilla\n2100155 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation\n2100159 - Dark theme: Build icon for pending status is not inverted in topology sidebar\n2100323 - Sqlit-based catsrc cannot be ready due to \"Error: open ./db-xxxx: permission denied\"\n2100347 - KASO retains old config values when switching from Medium/Default to empty worker latency profile\n2100356 - Remove Condition tab and create option from console as it is deprecated in OSP-1.8\n2100439 - [gce-pd] GCE PD in-tree storage plugin tests not running\n2100496 - [OCPonRHV]-oVirt API returns affinity groups without a description field\n2100507 - Remove redundant log lines from obj_retry.go\n2100536 - Update API to allow EgressIP node reachability check\n2100601 - Update CNO to allow EgressIP node reachability check\n2100643 - [Migration] [GCP]OVN can not rollback to SDN\n2100644 - openshift-ansible FTBFS on RHEL8\n2100669 - Telemetry should not log the full path if it contains a username\n2100749 - [OCP 4.11] multipath support needs multipath modules\n2100825 - Update machine-api-powervs go modules to latest version\n2100841 - tiny openshift-install usability fix for setting KUBECONFIG\n2101460 - An etcd member for a new machine was never added to the cluster\n2101498 - Revert Bug 2082599: add upper bound to number of failed attempts\n2102086 - The base image is still 4.10 for operator-sdk 1.22\n2102302 - Dummy bug for 4.10 backports\n2102362 - Valid regions should be allowed in GCP install config\n2102500 - Kubernetes NMState pods can not evict due to PDB on an SNO cluster\n2102639 - Drain happens before other image-registry pod is ready to service requests, causing disruption\n2102782 - topolvm-controller get into CrashLoopBackOff few minutes after install\n2102834 - [cloud-credential-operator]container has runAsNonRoot and image will run as root\n2102947 - [VPA] recommender is logging errors for pods with init containers\n2103053 - [4.11] Backport Prow CI improvements from master\n2103075 - Listing secrets in all namespaces with a specific labelSelector does not work properly\n2103080 - br-ex not created due to default bond interface having a different mac address than expected\n2103177 - disabling ipv6 router advertisements using \"all\" does not disable it on secondary interfaces\n2103728 - Carry HAProxy patch \u0027BUG/MEDIUM: h2: match absolute-path not path-absolute for :path\u0027\n2103749 - MachineConfigPool is not getting updated\n2104282 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec\n2104432 - [dpu-network-operator] Updating images to be consistent with ART\n2104552 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack\n2104561 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: \"/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit\"; expected: -rw-r--r--/420/0644; received: ----------/0/0\n2104589 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\n2104701 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes\n2104717 - NetworkPolicies: ovnkube-master pods crashing due to panic: \"invalid memory address or nil pointer dereference\"\n2104727 - Bootstrap node should honor http proxy\n2104906 - Uninstall fails with Observed a panic: runtime.boundsError\n2104951 - Web console doesn\u0027t display webhook errors for upgrades\n2104991 - Completed pods may not be correctly cleaned up\n2105101 - NodeIP is used instead of EgressIP if egressPod is recreated within 60 seconds\n2105106 - co/node-tuning: Waiting for 15/72 Profiles to be applied\n2105146 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history\n2105167 - BuildConfig throws error when using a label with a / in it\n2105334 - vmware-vsphere-csi-driver-controller can\u0027t use host port error on e2e-vsphere-serial\n2105382 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator\n2105468 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. \n2105937 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18\n2106051 - Unable to deploy acm-ice using latest SRO 4.11 build\n2106058 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers [4.11.0]\n2106062 - [4.11] Bootimage bump tracker\n2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as \"0abc\"\n2106163 - Samples ImageStreams vs. registry.redhat.io: unsupported: V2 schema 1 manifest digests are no longer supported for image pulls\n2106313 - bond-cni: backport bond-cni GA items to 4.11\n2106543 - Typo in must-gather release-4.10\n2106594 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI\n2106723 - [4.11] Upgrade from 4.11.0-rc0 -\u003e 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device\n2106855 - [4.11.z] externalTrafficPolicy=Local is not working in local gateway mode if ovnkube-node is restarted\n2107493 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing\n2107501 - metallb greenwave tests failure\n2107690 - Driver Container builds fail with \"error determining starting point for build: no FROM statement found\"\n2108175 - etcd backup seems to not be triggered in 4.10.18--\u003e4.10.20 upgrade\n2108617 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference\n2108686 - rpm-ostreed: start limit hit easily\n2110505 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate\n2110715 - openshift-controller-manager(-operator) namespace should clear run-level annotations\n2111055 - dummy bug for 4.10.z bz2110938\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25009\nhttps://access.redhat.com/security/cve/CVE-2018-25010\nhttps://access.redhat.com/security/cve/CVE-2018-25012\nhttps://access.redhat.com/security/cve/CVE-2018-25013\nhttps://access.redhat.com/security/cve/CVE-2018-25014\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-19131\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-28493\nhttps://access.redhat.com/security/cve/CVE-2020-35492\nhttps://access.redhat.com/security/cve/CVE-2020-36330\nhttps://access.redhat.com/security/cve/CVE-2020-36331\nhttps://access.redhat.com/security/cve/CVE-2020-36332\nhttps://access.redhat.com/security/cve/CVE-2021-3481\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3672\nhttps://access.redhat.com/security/cve/CVE-2021-3695\nhttps://access.redhat.com/security/cve/CVE-2021-3696\nhttps://access.redhat.com/security/cve/CVE-2021-3697\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4115\nhttps://access.redhat.com/security/cve/CVE-2021-4156\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20095\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-23648\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38185\nhttps://access.redhat.com/security/cve/CVE-2021-38593\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-41617\nhttps://access.redhat.com/security/cve/CVE-2021-42771\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-43818\nhttps://access.redhat.com/security/cve/CVE-2021-44225\nhttps://access.redhat.com/security/cve/CVE-2021-44906\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1012\nhttps://access.redhat.com/security/cve/CVE-2022-1215\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1706\nhttps://access.redhat.com/security/cve/CVE-2022-1729\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24903\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-26691\nhttps://access.redhat.com/security/cve/CVE-2022-26945\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-28733\nhttps://access.redhat.com/security/cve/CVE-2022-28734\nhttps://access.redhat.com/security/cve/CVE-2022-28735\nhttps://access.redhat.com/security/cve/CVE-2022-28736\nhttps://access.redhat.com/security/cve/CVE-2022-28737\nhttps://access.redhat.com/security/cve/CVE-2022-29162\nhttps://access.redhat.com/security/cve/CVE-2022-29810\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-30321\nhttps://access.redhat.com/security/cve/CVE-2022-30322\nhttps://access.redhat.com/security/cve/CVE-2022-30323\nhttps://access.redhat.com/security/cve/CVE-2022-32250\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYvOfk9zjgjWX9erEAQhJ/w//UlbBGKBBFBAyfEmQf9Zu0yyv6MfZW0Zl\niO1qXVIl9UQUFjTY5ejerx7cP8EBWLhKaiiqRRjbjtj+w+ENGB4LLj6TEUrSM5oA\nYEmhnX3M+GUKF7Px61J7rZfltIOGhYBvJ+qNZL2jvqz1NciVgI4/71cZWnvDbGpa\n02w3Dn0JzhTSR9znNs9LKcV/anttJ3NtOYhqMXnN8EpKdtzQkKRazc7xkOTxfxyl\njRiER2Z0TzKDE6dMoVijS2Sv5j/JF0LRwetkZl6+oh8ehKh5GRV3lPg3eVkhzDEo\n/gp0P9GdLMHi6cS6uqcREbod//waSAa7cssgULoycFwjzbDK3L2c+wMuWQIgXJca\nRYuP6wvrdGwiI1mgUi/226EzcZYeTeoKxnHkp7AsN9l96pJYafj0fnK1p9NM/8g3\njBE/W4K8jdDNVd5l1Z5O0Nyxk6g4P8MKMe10/w/HDXFPSgufiCYIGX4TKqb+ESIR\nSuYlSMjoGsB4mv1KMDEUJX6d8T05lpEwJT0RYNdZOouuObYMtcHLpRQHH9mkj86W\npHdma5aGG/mTMvSMW6l6L05uT41Azm6fVimTv+E5WvViBni2480CVH+9RexKKSyL\nXcJX1gaLdo+72I/gZrtT+XE5tcJ3Sf5fmfsenQeY4KFum/cwzbM6y7RGn47xlEWB\nxBWKPzRxz0Q=9r0B\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2536 - Setting up ODF S3 for loki\nLOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator\nLOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with \u0027http\u0027\nLOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. \nLOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es):\n\n* cups: authorization bypass when using \"local\" authorization\n(CVE-2022-26691)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the cupsd service will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n2084321 - CVE-2022-26691 cups: authorization bypass when using \"local\" authorization\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2):\n\naarch64:\ncups-2.2.6-33.el8_2.1.aarch64.rpm\ncups-client-2.2.6-33.el8_2.1.aarch64.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm\ncups-devel-2.2.6-33.el8_2.1.aarch64.rpm\ncups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-lpd-2.2.6-33.el8_2.1.aarch64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\n\nnoarch:\ncups-filesystem-2.2.6-33.el8_2.1.noarch.rpm\n\nppc64le:\ncups-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-client-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-devel-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\n\ns390x:\ncups-2.2.6-33.el8_2.1.s390x.rpm\ncups-client-2.2.6-33.el8_2.1.s390x.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debugsource-2.2.6-33.el8_2.1.s390x.rpm\ncups-devel-2.2.6-33.el8_2.1.s390x.rpm\ncups-ipptool-2.2.6-33.el8_2.1.s390x.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-lpd-2.2.6-33.el8_2.1.s390x.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\n\nx86_64:\ncups-2.2.6-33.el8_2.1.x86_64.rpm\ncups-client-2.2.6-33.el8_2.1.x86_64.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.i686.rpm\ncups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm\ncups-devel-2.2.6-33.el8_2.1.i686.rpm\ncups-devel-2.2.6-33.el8_2.1.x86_64.rpm\ncups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-lpd-2.2.6-33.el8_2.1.x86_64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS EUS (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console\n2040693 - ?Replication repository? wizard has no validation for name length\n2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com?\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings\n2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace\n2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field. \n2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade\n2061335 - [MTC UI] ?Update cluster? button is not getting disabled\n2062266 - MTC UI does not display logs properly [OADP-BL]\n2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend\n2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x\n2076593 - Velero pod log missing from UI  drop down\n2076599 - Velero pod log missing from downloaded logs folder [OADP-BL]\n2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan\n2079252 - [MTC]  Rsync options logs not visible in log-reader pod\n2082221 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [UI]\n2082225 - non-numeric user when launching stage pods [OADP-BL]\n2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments\n2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods\n2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels\n2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL]\n2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts\n2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL]\n2096939 - Fix legacy operator.yml inconsistencies and errors\n2100486 - [MTC UI] Target storage class field is not getting respected when clusters don\u0027t have replication repo configured",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691"
      },
      {
        "db": "PACKETSTORM",
        "id": "167510"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "167338"
      },
      {
        "db": "PACKETSTORM",
        "id": "168042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167845"
      },
      {
        "db": "PACKETSTORM",
        "id": "167501"
      },
      {
        "db": "PACKETSTORM",
        "id": "167512"
      },
      {
        "db": "PACKETSTORM",
        "id": "167514"
      },
      {
        "db": "PACKETSTORM",
        "id": "167679"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26691",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-11",
        "trust": 0.9
      },
      {
        "db": "PACKETSTORM",
        "id": "167514",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167338",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167845",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168228",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167332",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022053129",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052626",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022053018",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072010",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070643",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060108",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2675",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4324",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3977",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2609",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3236",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167501",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167512",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167510",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167507",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-417360",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167679",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691"
      },
      {
        "db": "PACKETSTORM",
        "id": "167510"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "167338"
      },
      {
        "db": "PACKETSTORM",
        "id": "168042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167845"
      },
      {
        "db": "PACKETSTORM",
        "id": "167501"
      },
      {
        "db": "PACKETSTORM",
        "id": "167512"
      },
      {
        "db": "PACKETSTORM",
        "id": "167514"
      },
      {
        "db": "PACKETSTORM",
        "id": "167679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      }
    ]
  },
  "id": "VAR-202205-1953",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:14:47.340000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT213184 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
      },
      {
        "title": "Apple macOS Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195379"
      },
      {
        "title": "Debian CVElist Bug Report Logs: cups: CVE-2022-26691: authorization bypass when using \"local\" authorization",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4083971026961f67214911abf1061c00"
      },
      {
        "title": "Debian Security Advisories: DSA-5149-1 cups -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c3e2a8a674123f96fd928688add2133"
      },
      {
        "title": "Red Hat: Important: cups security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225057 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: cups security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225055 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: cups security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225056 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: cups security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225054 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: cups security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224990 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: USN-5454-2: CUPS vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5454-2"
      },
      {
        "title": "Ubuntu Security Notice: USN-5454-1: CUPS vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5454-1"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-108",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-108"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-203",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-203"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225556 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226290 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226430 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225483 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-26691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-697",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate comparison (CWE-697) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.debian.org/security/2022/dsa-5149"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/openprinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0026/mndt-2022-0026.md"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht213183"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht213184"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht213185"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26691"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/"
      },
      {
        "trust": 0.9,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26691/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052626"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167332/ubuntu-security-notice-usn-5454-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167845/red-hat-security-advisory-2022-5556-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cups-privilege-escalation-via-local-authorization-certificate-strings-comparison-38451"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2609"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060108"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167338/ubuntu-security-notice-usn-5454-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167514/red-hat-security-advisory-2022-4990-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022053018"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070643"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2675"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3236"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022053129"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1271"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3634"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5454-2"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28327"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-24675"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0235"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41617"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-4189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-19131"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35492"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1621"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3737"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25032"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/697.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/al2022/alas-2022-108.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28327"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5454-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43818"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26945"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38593"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20095"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24921"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23648"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5069"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29162"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42771"
      },
      {
        "trust": 0.1,
        "url": "https://10.0.0.7:2379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3697"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1706"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28734"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3695"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29810"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4115"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28493"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30323"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5556"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5054"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:4990"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21781"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4157"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3744"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3759"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4083"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45486"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37159"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4788"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3669"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45485"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4788"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41864"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21781"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0941"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-19131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0941"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26401"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23852"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3612"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42739"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-26401"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0404"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417360"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691"
      },
      {
        "db": "PACKETSTORM",
        "id": "167510"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "167338"
      },
      {
        "db": "PACKETSTORM",
        "id": "168042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167845"
      },
      {
        "db": "PACKETSTORM",
        "id": "167501"
      },
      {
        "db": "PACKETSTORM",
        "id": "167512"
      },
      {
        "db": "PACKETSTORM",
        "id": "167514"
      },
      {
        "db": "PACKETSTORM",
        "id": "167679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-417360",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26691",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167510",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168228",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167338",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168042",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167845",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167501",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167512",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167514",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167679",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26691",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-05-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417360",
        "ident": null
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-26691",
        "ident": null
      },
      {
        "date": "2022-06-20T00:43:44",
        "db": "PACKETSTORM",
        "id": "167510",
        "ident": null
      },
      {
        "date": "2022-09-01T16:34:06",
        "db": "PACKETSTORM",
        "id": "168228",
        "ident": null
      },
      {
        "date": "2022-06-01T17:06:37",
        "db": "PACKETSTORM",
        "id": "167338",
        "ident": null
      },
      {
        "date": "2022-08-10T15:56:22",
        "db": "PACKETSTORM",
        "id": "168042",
        "ident": null
      },
      {
        "date": "2022-07-27T17:28:30",
        "db": "PACKETSTORM",
        "id": "167845",
        "ident": null
      },
      {
        "date": "2022-06-20T00:29:28",
        "db": "PACKETSTORM",
        "id": "167501",
        "ident": null
      },
      {
        "date": "2022-06-20T00:45:59",
        "db": "PACKETSTORM",
        "id": "167512",
        "ident": null
      },
      {
        "date": "2022-06-20T00:46:30",
        "db": "PACKETSTORM",
        "id": "167514",
        "ident": null
      },
      {
        "date": "2022-07-01T15:04:32",
        "db": "PACKETSTORM",
        "id": "167679",
        "ident": null
      },
      {
        "date": "2022-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-4149",
        "ident": null
      },
      {
        "date": "2023-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011787",
        "ident": null
      },
      {
        "date": "2022-05-26T18:15:09.340000",
        "db": "NVD",
        "id": "CVE-2022-26691",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417360",
        "ident": null
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-26691",
        "ident": null
      },
      {
        "date": "2022-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-4149",
        "ident": null
      },
      {
        "date": "2024-02-19T06:47:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011787",
        "ident": null
      },
      {
        "date": "2024-11-21T06:54:19.673000",
        "db": "NVD",
        "id": "CVE-2022-26691",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "macOS\u00a0 Improper Comparison Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011787"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4149"
      }
    ],
    "trust": 0.6
  }
}

VAR-202201-0424

Vulnerability from variot - Updated: 2026-04-10 23:12

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. plural Apple The product contains an input validation vulnerability.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.

AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778

TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher

Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444

Additional recognition

Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================

Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: webkit2gtk3-2.34.6-1.el8.src.rpm

aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm

ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm

s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm

x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

For the oldstable distribution (buster), these problems have been fixed in version 2.34.6-1~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in version 2.34.6-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages. ========================================================================== Ubuntu Security Notice USN-5306-1 February 28, 2022

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 21.10
Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.34.6-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.34.6-0ubuntu0.21.10.1

Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.34.6-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.34.6-0ubuntu0.20.04.1

Alternatively, on your watch, select "My Watch > General > About".

PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. CVE-2022-22578: an anonymous researcher

iCloud Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit Storage Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

Installation note:

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.3"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.6"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.3"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "165776"
      },
      {
        "db": "PACKETSTORM",
        "id": "165772"
      },
      {
        "db": "PACKETSTORM",
        "id": "165771"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2022-22589",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-22589",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-411217",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22589",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-22589",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22589",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22589",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411217",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22589",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. plural Apple The product contains an input validation vulnerability.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2022:1777-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1777\nIssue date:        2022-05-10\nCVE Names:         CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n                   CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n                   CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n                   CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n                   CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n                   CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n                   CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n                   CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n                   CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n                   CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.6-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.6-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. ==========================================================================\nUbuntu Security Notice USN-5306-1\nFebruary 28, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n  libjavascriptcoregtk-4.0-18     2.34.6-0ubuntu0.21.10.1\n  libwebkit2gtk-4.0-37            2.34.6-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.34.6-0ubuntu0.20.04.1\n  libwebkit2gtk-4.0-37            2.34.6-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nPackageKit\nWe would like to acknowledge Mickey Jin (@patch1t), Mickey Jin\n(@patch1t) of Trend Micro for their assistance. \nCVE-2022-22578: an anonymous researcher\n\niCloud\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to access a user\u0027s files\nDescription: An issue existed within the path validation logic for\nsymlinks. \nCVE-2022-22590: Toan Pham from Team Orca of Sea Security\n(security.sea.com)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may prevent\nContent Security Policy from being enforced\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22592: Prakash (@1lastBr3ath)\n\nWebKit Storage\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A website may be able to track sensitive user information\nDescription: A cross-origin issue in the IndexDB API was addressed\nwith improved input validation. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169229"
      },
      {
        "db": "PACKETSTORM",
        "id": "166164"
      },
      {
        "db": "PACKETSTORM",
        "id": "165776"
      },
      {
        "db": "PACKETSTORM",
        "id": "165772"
      },
      {
        "db": "PACKETSTORM",
        "id": "165771"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411217",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22589",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165772",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165771",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167037",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166164",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165776",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165777",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167189",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165775",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411217",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169229",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169229"
      },
      {
        "db": "PACKETSTORM",
        "id": "166164"
      },
      {
        "db": "PACKETSTORM",
        "id": "165776"
      },
      {
        "db": "PACKETSTORM",
        "id": "165772"
      },
      {
        "db": "PACKETSTORM",
        "id": "165771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      }
    ]
  },
  "id": "VAR-202201-0424",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:12:13.994000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT213255 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT213053"
      },
      {
        "title": "Debian Security Advisories: DSA-5084-1 wpewebkit -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fad7bdb7356c54203c2fb7db9019fb4f"
      },
      {
        "title": "Debian Security Advisories: DSA-5083-1 webkit2gtk -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1e1726cb3c6d9dabbfb6d6be4668f64f"
      },
      {
        "title": "Apple: iOS 15.3 and iPadOS 15.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=05e71c916b30e0c013cc3ece80cc9189"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.0,
        "url": "https://security.gentoo.org/glsa/202208-39"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht213185"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht213255"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht213256"
      },
      {
        "trust": 1.2,
        "url": "http://seclists.org/fulldisclosure/2022/may/35"
      },
      {
        "trust": 1.2,
        "url": "http://seclists.org/fulldisclosure/2022/may/33"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht213053"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht213054"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht213057"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht213058"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht213059"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22584"
      },
      {
        "trust": 0.3,
        "url": "https://xlab.tencent.com)"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22594"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22593"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22585"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22578"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22587"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22579"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2022/jan/85"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/2022/dsa-5084"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213256."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22592"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22637"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30887"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30936"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30849"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45481"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30818"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22589"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30984"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/webkit2gtk"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.6-0ubuntu0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.6-0ubuntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5306-1"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213059."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22586"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213054."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22583"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213053."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589"
      },
      {
        "db": "PACKETSTORM",
        "id": "167188"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169229"
      },
      {
        "db": "PACKETSTORM",
        "id": "166164"
      },
      {
        "db": "PACKETSTORM",
        "id": "165776"
      },
      {
        "db": "PACKETSTORM",
        "id": "165772"
      },
      {
        "db": "PACKETSTORM",
        "id": "165771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411217",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22589",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167037",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169229",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166164",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165776",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165772",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165771",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22589",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411217",
        "ident": null
      },
      {
        "date": "2022-03-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22589",
        "ident": null
      },
      {
        "date": "2022-05-17T16:59:42",
        "db": "PACKETSTORM",
        "id": "167188",
        "ident": null
      },
      {
        "date": "2022-05-11T15:50:41",
        "db": "PACKETSTORM",
        "id": "167037",
        "ident": null
      },
      {
        "date": "2022-02-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169229",
        "ident": null
      },
      {
        "date": "2022-02-28T16:31:29",
        "db": "PACKETSTORM",
        "id": "166164",
        "ident": null
      },
      {
        "date": "2022-01-31T15:47:07",
        "db": "PACKETSTORM",
        "id": "165776",
        "ident": null
      },
      {
        "date": "2022-01-31T15:46:05",
        "db": "PACKETSTORM",
        "id": "165772",
        "ident": null
      },
      {
        "date": "2022-01-31T15:45:47",
        "db": "PACKETSTORM",
        "id": "165771",
        "ident": null
      },
      {
        "date": "2023-07-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008595",
        "ident": null
      },
      {
        "date": "2022-03-18T18:15:12.567000",
        "db": "NVD",
        "id": "CVE-2022-22589",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411217",
        "ident": null
      },
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22589",
        "ident": null
      },
      {
        "date": "2023-07-28T06:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008595",
        "ident": null
      },
      {
        "date": "2024-11-21T06:47:04.823000",
        "db": "NVD",
        "id": "CVE-2022-22589",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166164"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "plural \u00a0Apple\u00a0 Product input verification vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008595"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165776"
      },
      {
        "db": "PACKETSTORM",
        "id": "165772"
      },
      {
        "db": "PACKETSTORM",
        "id": "165771"
      }
    ],
    "trust": 0.3
  }
}

VAR-202204-0855

Vulnerability from variot - Updated: 2026-04-10 23:12

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. Ruby Exists in an out-of-bounds read vulnerability.Information may be obtained. 7) - noarch, x86_64

Bug Fix(es):

rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security, bug fix, and enhancement update Advisory ID: RHSA-2022:6585-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6585 Issue date: 2022-09-20 CVE Names: CVE-2022-28738 CVE-2022-28739 ==================================================================== 1. Summary:

An update for ruby is now available for Red Hat Enterprise Linux 9.

Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - noarch Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428)

Security Fix(es):

Ruby: Double free in Regexp compilation (CVE-2022-28738)
Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion 2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z]

Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source: ruby-3.0.4-160.el9_0.src.rpm

aarch64: ruby-3.0.4-160.el9_0.aarch64.rpm ruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm ruby-debugsource-3.0.4-160.el9_0.aarch64.rpm ruby-devel-3.0.4-160.el9_0.aarch64.rpm ruby-libs-3.0.4-160.el9_0.aarch64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm rubygem-io-console-0.5.7-160.el9_0.aarch64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm rubygem-json-2.5.1-160.el9_0.aarch64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm rubygem-psych-3.3.2-160.el9_0.aarch64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm

noarch: ruby-default-gems-3.0.4-160.el9_0.noarch.rpm rubygem-bundler-2.2.33-160.el9_0.noarch.rpm rubygem-irb-1.3.5-160.el9_0.noarch.rpm rubygem-minitest-5.14.2-160.el9_0.noarch.rpm rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm rubygem-rake-13.0.3-160.el9_0.noarch.rpm rubygem-rbs-1.4.0-160.el9_0.noarch.rpm rubygem-rdoc-6.3.3-160.el9_0.noarch.rpm rubygem-rexml-3.2.5-160.el9_0.noarch.rpm rubygem-rss-0.2.9-160.el9_0.noarch.rpm rubygem-test-unit-3.3.7-160.el9_0.noarch.rpm rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm rubygems-3.2.33-160.el9_0.noarch.rpm rubygems-devel-3.2.33-160.el9_0.noarch.rpm

ppc64le: ruby-3.0.4-160.el9_0.ppc64le.rpm ruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm ruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm ruby-devel-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-3.0.4-160.el9_0.ppc64le.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm rubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm rubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm rubygem-json-2.5.1-160.el9_0.ppc64le.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm rubygem-psych-3.3.2-160.el9_0.ppc64le.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm

s390x: ruby-3.0.4-160.el9_0.s390x.rpm ruby-debuginfo-3.0.4-160.el9_0.s390x.rpm ruby-debugsource-3.0.4-160.el9_0.s390x.rpm ruby-devel-3.0.4-160.el9_0.s390x.rpm ruby-libs-3.0.4-160.el9_0.s390x.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm rubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm rubygem-io-console-0.5.7-160.el9_0.s390x.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm rubygem-json-2.5.1-160.el9_0.s390x.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm rubygem-psych-3.3.2-160.el9_0.s390x.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm

x86_64: ruby-3.0.4-160.el9_0.i686.rpm ruby-3.0.4-160.el9_0.x86_64.rpm ruby-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm ruby-debugsource-3.0.4-160.el9_0.i686.rpm ruby-debugsource-3.0.4-160.el9_0.x86_64.rpm ruby-devel-3.0.4-160.el9_0.i686.rpm ruby-devel-3.0.4-160.el9_0.x86_64.rpm ruby-libs-3.0.4-160.el9_0.i686.rpm ruby-libs-3.0.4-160.el9_0.x86_64.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm ruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm rubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm rubygem-json-2.5.1-160.el9_0.x86_64.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm rubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm rubygem-psych-3.3.2-160.el9_0.x86_64.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm rubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

noarch: ruby-doc-3.0.4-160.el9_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-28738 https://access.redhat.com/security/cve/CVE-2022-28739 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYypfvtzjgjWX9erEAQjaXQ/+LfzraWPwLDEBfxU87XekVmDQn/KHLw0Q TPgRpDtvfVkmSDDCEvYvvMOYSW3MdNmNJOwPhQyJT3cBrq0zHUog0ejoJO5jV3B1 rOStJ/EfwskmCVaPehhJvGfrKVr2l6Uo8SH0zrLMKBtqd42/GrO2eiDs/xxhVq5U wvgecfUQY8lfpJ25ELa/081aAe4Cg4NN7WShf7DFJ2tw+f/IguCWi+CHZoavv3AQ T7So/dbIjFJmliaPcTkvW02m+JHxNGduXJfelMXB72eyJR7/jEK7OvfE89a18yZ8 P38biUIPZFNaLW1SN62GnA8Qby6g9C/1x+pXssEQ6fo1qJPk/bW6qYfPWWM4Op5N VsTFDx7EAZRCQFnyczTcaUE7g9s4ZovK4qMqTZq9BhP25m9yisvV1jizNpSU6vMi h37/Mi0gcOOcjbtj8Nlbtx+QsHFJvOgTjDIiwPVllMpxygWjSRRnR+LBoTHCPlP2 ZG5q8MGwZAIfzKSP9Fjg58rJoiWnzyJWFLEym38lfrrjch21CtgaKm28wrKQ18PC 7GQ/A/rARWMfAKnFYEO4zF07kidgTwyVJI5RJv8b9x4vLo7/G80CVDXIYjEDP4FR 7fNpEfc9/owximR5WpTds3GfzTDSKzNonHX/oNhIaJLkQ27RTSPXORzxtAsz2a6j jbIYxx9rQto=komJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213493.

AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)

Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022

Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022

ppp Available for: macOS Big Sur Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022

Ruby Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739

Sandbox Available for: macOS Big Sur Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher

zlib Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022

macOS Big Sur 11.7.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. CVE-2022-32862: an anonymous researcher

Additional recognition

Calendar We would like to acknowledge an anonymous researcher for their assistance. ========================================================================== Ubuntu Security Notice USN-5462-2 June 06, 2022

ruby2.3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM

Summary:

Ruby could be made to crash or read sensitive information when processing certain input. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: libruby2.3 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3 2.3.1-2~ubuntu16.04.16+esm3

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "ruby",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "3.1.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "3.1.0"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "2.6.10"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7.1"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "3.0.4"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "2.7.6"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "3.0.0"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ruby lang",
        "version": "2.7.0"
      },
      {
        "_id": null,
        "model": "ruby",
        "scope": null,
        "trust": 0.8,
        "vendor": "ruby lang",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168692"
      },
      {
        "db": "PACKETSTORM",
        "id": "168445"
      },
      {
        "db": "PACKETSTORM",
        "id": "167654"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-28739",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-28739",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-420273",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-28739",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-28739",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-28739",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-28739",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-3369",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-420273",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. Ruby Exists in an out-of-bounds read vulnerability.Information may be obtained. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* rh-ruby30 ruby: User-installed rubygems plugins are not being loaded\n(BZ#2128629)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: ruby security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2022:6585-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6585\nIssue date:        2022-09-20\nCVE Names:         CVE-2022-28738 CVE-2022-28739\n====================================================================\n1. Summary:\n\nAn update for ruby is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 9) - noarch\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version: ruby\n(3.0.4). (BZ#2109428)\n\nSecurity Fix(es):\n\n* Ruby: Double free in Regexp compilation (CVE-2022-28738)\n\n* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation\n2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion\n2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nruby-3.0.4-160.el9_0.src.rpm\n\naarch64:\nruby-3.0.4-160.el9_0.aarch64.rpm\nruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm\nruby-debugsource-3.0.4-160.el9_0.aarch64.rpm\nruby-devel-3.0.4-160.el9_0.aarch64.rpm\nruby-libs-3.0.4-160.el9_0.aarch64.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm\nrubygem-io-console-0.5.7-160.el9_0.aarch64.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm\nrubygem-json-2.5.1-160.el9_0.aarch64.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm\nrubygem-psych-3.3.2-160.el9_0.aarch64.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm\n\nnoarch:\nruby-default-gems-3.0.4-160.el9_0.noarch.rpm\nrubygem-bundler-2.2.33-160.el9_0.noarch.rpm\nrubygem-irb-1.3.5-160.el9_0.noarch.rpm\nrubygem-minitest-5.14.2-160.el9_0.noarch.rpm\nrubygem-power_assert-1.2.0-160.el9_0.noarch.rpm\nrubygem-rake-13.0.3-160.el9_0.noarch.rpm\nrubygem-rbs-1.4.0-160.el9_0.noarch.rpm\nrubygem-rdoc-6.3.3-160.el9_0.noarch.rpm\nrubygem-rexml-3.2.5-160.el9_0.noarch.rpm\nrubygem-rss-0.2.9-160.el9_0.noarch.rpm\nrubygem-test-unit-3.3.7-160.el9_0.noarch.rpm\nrubygem-typeprof-0.15.2-160.el9_0.noarch.rpm\nrubygems-3.2.33-160.el9_0.noarch.rpm\nrubygems-devel-3.2.33-160.el9_0.noarch.rpm\n\nppc64le:\nruby-3.0.4-160.el9_0.ppc64le.rpm\nruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm\nruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm\nruby-devel-3.0.4-160.el9_0.ppc64le.rpm\nruby-libs-3.0.4-160.el9_0.ppc64le.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm\nrubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm\nrubygem-json-2.5.1-160.el9_0.ppc64le.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm\nrubygem-psych-3.3.2-160.el9_0.ppc64le.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm\n\ns390x:\nruby-3.0.4-160.el9_0.s390x.rpm\nruby-debuginfo-3.0.4-160.el9_0.s390x.rpm\nruby-debugsource-3.0.4-160.el9_0.s390x.rpm\nruby-devel-3.0.4-160.el9_0.s390x.rpm\nruby-libs-3.0.4-160.el9_0.s390x.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm\nrubygem-io-console-0.5.7-160.el9_0.s390x.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm\nrubygem-json-2.5.1-160.el9_0.s390x.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm\nrubygem-psych-3.3.2-160.el9_0.s390x.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm\n\nx86_64:\nruby-3.0.4-160.el9_0.i686.rpm\nruby-3.0.4-160.el9_0.x86_64.rpm\nruby-debuginfo-3.0.4-160.el9_0.i686.rpm\nruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm\nruby-debugsource-3.0.4-160.el9_0.i686.rpm\nruby-debugsource-3.0.4-160.el9_0.x86_64.rpm\nruby-devel-3.0.4-160.el9_0.i686.rpm\nruby-devel-3.0.4-160.el9_0.x86_64.rpm\nruby-libs-3.0.4-160.el9_0.i686.rpm\nruby-libs-3.0.4-160.el9_0.x86_64.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm\nruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm\nrubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm\nrubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm\nrubygem-io-console-0.5.7-160.el9_0.x86_64.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm\nrubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm\nrubygem-json-2.5.1-160.el9_0.x86_64.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm\nrubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm\nrubygem-psych-3.3.2-160.el9_0.x86_64.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm\nrubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 9):\n\nnoarch:\nruby-doc-3.0.4-160.el9_0.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-28738\nhttps://access.redhat.com/security/cve/CVE-2022-28739\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYypfvtzjgjWX9erEAQjaXQ/+LfzraWPwLDEBfxU87XekVmDQn/KHLw0Q\nTPgRpDtvfVkmSDDCEvYvvMOYSW3MdNmNJOwPhQyJT3cBrq0zHUog0ejoJO5jV3B1\nrOStJ/EfwskmCVaPehhJvGfrKVr2l6Uo8SH0zrLMKBtqd42/GrO2eiDs/xxhVq5U\nwvgecfUQY8lfpJ25ELa/081aAe4Cg4NN7WShf7DFJ2tw+f/IguCWi+CHZoavv3AQ\nT7So/dbIjFJmliaPcTkvW02m+JHxNGduXJfelMXB72eyJR7/jEK7OvfE89a18yZ8\nP38biUIPZFNaLW1SN62GnA8Qby6g9C/1x+pXssEQ6fo1qJPk/bW6qYfPWWM4Op5N\nVsTFDx7EAZRCQFnyczTcaUE7g9s4ZovK4qMqTZq9BhP25m9yisvV1jizNpSU6vMi\nh37/Mi0gcOOcjbtj8Nlbtx+QsHFJvOgTjDIiwPVllMpxygWjSRRnR+LBoTHCPlP2\nZG5q8MGwZAIfzKSP9Fjg58rJoiWnzyJWFLEym38lfrrjch21CtgaKm28wrKQ18PC\n7GQ/A/rARWMfAKnFYEO4zF07kidgTwyVJI5RJv8b9x4vLo7/G80CVDXIYjEDP4FR\n7fNpEfc9/owximR5WpTds3GfzTDSKzNonHX/oNhIaJLkQ27RTSPXORzxtAsz2a6j\njbIYxx9rQto=komJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1\n\nmacOS Big Sur 11.7.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213493. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nppp\nAvailable for: macOS Big Sur\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nzlib\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nmacOS Big Sur 11.7.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \nCVE-2022-32862: an anonymous researcher\n\nAdditional recognition\n\nCalendar\nWe would like to acknowledge an anonymous researcher for their\nassistance. ==========================================================================\nUbuntu Security Notice USN-5462-2\nJune 06, 2022\n\nruby2.3 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nRuby could be made to crash or read sensitive information when\nprocessing certain input. This update provides\nthe corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\nIt was discovered that Ruby incorrectly handled certain inputs. \nAn attacker could possibly use this issue to expose sensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n   libruby2.3                      2.3.1-2~ubuntu16.04.16+esm3\n   ruby2.3                         2.3.1-2~ubuntu16.04.16+esm3\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      },
      {
        "db": "PACKETSTORM",
        "id": "168692"
      },
      {
        "db": "PACKETSTORM",
        "id": "168445"
      },
      {
        "db": "PACKETSTORM",
        "id": "169553"
      },
      {
        "db": "PACKETSTORM",
        "id": "169577"
      },
      {
        "db": "PACKETSTORM",
        "id": "169552"
      },
      {
        "db": "PACKETSTORM",
        "id": "167654"
      },
      {
        "db": "PACKETSTORM",
        "id": "167425"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-28739",
        "trust": 4.0
      },
      {
        "db": "HACKERONE",
        "id": "1248108",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167425",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167654",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169577",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-11",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168360",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168691",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168445",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041404",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060723",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072010",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070105",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4673",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5061",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3320",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2802",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5301",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169553",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168692",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169552",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168357",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167421",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169566",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-420273",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      },
      {
        "db": "PACKETSTORM",
        "id": "168692"
      },
      {
        "db": "PACKETSTORM",
        "id": "168445"
      },
      {
        "db": "PACKETSTORM",
        "id": "169553"
      },
      {
        "db": "PACKETSTORM",
        "id": "169577"
      },
      {
        "db": "PACKETSTORM",
        "id": "169552"
      },
      {
        "db": "PACKETSTORM",
        "id": "167654"
      },
      {
        "db": "PACKETSTORM",
        "id": "167425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      }
    ]
  },
  "id": "VAR-202204-0855",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:12:11.778000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT213493 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"
      },
      {
        "title": "Ruby Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193537"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/29"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/30"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/oct/42"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1248108"
      },
      {
        "trust": 1.7,
        "url": "https://security-tracker.debian.org/tracker/cve-2022-28739"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213493"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213494"
      },
      {
        "trust": 1.7,
        "url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28739"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202401-27"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2802"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060723"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041404"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3320"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5061"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213494"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4673"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5301"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070105"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-28739/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-28739"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32862"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42825"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28738"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28738"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213493."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6855"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41819"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41816"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6585"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32941"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213494."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5338"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5462-2"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5462-1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-420273"
      },
      {
        "db": "PACKETSTORM",
        "id": "168692"
      },
      {
        "db": "PACKETSTORM",
        "id": "168445"
      },
      {
        "db": "PACKETSTORM",
        "id": "169553"
      },
      {
        "db": "PACKETSTORM",
        "id": "169577"
      },
      {
        "db": "PACKETSTORM",
        "id": "169552"
      },
      {
        "db": "PACKETSTORM",
        "id": "167654"
      },
      {
        "db": "PACKETSTORM",
        "id": "167425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-420273",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168692",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168445",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169553",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169577",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169552",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167654",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167425",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28739",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-05-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-420273",
        "ident": null
      },
      {
        "date": "2022-10-11T16:06:57",
        "db": "PACKETSTORM",
        "id": "168692",
        "ident": null
      },
      {
        "date": "2022-09-21T13:50:28",
        "db": "PACKETSTORM",
        "id": "168445",
        "ident": null
      },
      {
        "date": "2022-10-31T14:19:37",
        "db": "PACKETSTORM",
        "id": "169553",
        "ident": null
      },
      {
        "date": "2022-10-31T14:43:13",
        "db": "PACKETSTORM",
        "id": "169577",
        "ident": null
      },
      {
        "date": "2022-10-31T14:19:21",
        "db": "PACKETSTORM",
        "id": "169552",
        "ident": null
      },
      {
        "date": "2022-07-01T14:58:20",
        "db": "PACKETSTORM",
        "id": "167654",
        "ident": null
      },
      {
        "date": "2022-06-07T15:15:31",
        "db": "PACKETSTORM",
        "id": "167425",
        "ident": null
      },
      {
        "date": "2022-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3369",
        "ident": null
      },
      {
        "date": "2023-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011215",
        "ident": null
      },
      {
        "date": "2022-05-09T18:15:08.540000",
        "db": "NVD",
        "id": "CVE-2022-28739",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-420273",
        "ident": null
      },
      {
        "date": "2023-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3369",
        "ident": null
      },
      {
        "date": "2024-02-19T06:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011215",
        "ident": null
      },
      {
        "date": "2025-11-04T16:15:48.840000",
        "db": "NVD",
        "id": "CVE-2022-28739",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Ruby\u00a0 Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011215"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3369"
      }
    ],
    "trust": 0.6
  }
}

VAR-201603-0237

Vulnerability from variot - Updated: 2026-04-10 23:12

Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Web Server is one of the Web servers. The vulnerability is caused by the program supporting the RC4 algorithm. A remote attacker could exploit this vulnerability to compromise the confidentiality protection mechanism. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14

macOS Mojave 10.14 addresses the following:

Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012) , Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham

The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)

afpserver Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley Entry added October 30, 2018

App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.

AppleGraphicsControl Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

Application Firewall Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A configuration issue was addressed with additional restrictions. CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.

APR Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT Entry added October 30, 2018

ATS Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

ATS Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) Entry added October 30, 2018

Auto Unlock Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

CoreFoundation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018

CoreFoundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018

CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018

Crash Reporter Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad

CUPS Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch Entry added October 30, 2018

CUPS Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Entry added October 30, 2018

Dictionary Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Entry added October 30, 2018

Grand Central Dispatch Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018

Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018

Hypervisor Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Entry added October 30, 2018

iBooks Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018

Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Entry added October 30, 2018

Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America Entry added October 30, 2018

Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Entry added October 30, 2018

IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018

IOKit Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018

IOKit Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018

IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018

Kernel Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018

Kernel Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018

Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

LibreSSL Impact: Multiple issues in libressl were addressed in this update Description: Multiple issues were addressed by updating to libressl version 2.6.4. CVE-2015-3194 CVE-2015-5333 CVE-2015-5334 CVE-2016-702 Entry added October 30, 2018

Login Window Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Entry added October 30, 2018

mDNSOffloadUserClient Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018

MediaRemote Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018

Microcode Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) Entry added October 30, 2018

Security Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018

Security Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky

Spotlight Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Entry added October 30, 2018

Symptom Framework Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

Text Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018

Wi-Fi Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

Additional recognition

Accessibility Framework We would like to acknowledge Ryan Govostes for their assistance.

Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.

CoreDAV We would like to acknowledge an anonymous researcher for their assistance.

CoreGraphics We would like to acknowledge Nitin Arya of Roblox Corporation for their assistance.

CoreSymbolication We would like to acknowledge Brandon Azad for their assistance.

IOUSBHostFamily We would like to acknowledge an anonymous researcher for their assistance.

Kernel We would like to acknowledge Brandon Azad for their assistance.

Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek A>>A3Akiewski for their assistance.

Quick Look We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing and Patrick Wardle of Digita Security and lokihardt of Google Project Zero for their assistance.

Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance.

SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.

Terminal We would like to acknowledge an anonymous researcher for their assistance.

WindowServer We would like to acknowledge Patrick Wardle of Digita Security for their assistance.

Installation note:

macOS Mojave 10.14 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/ rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST 1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu 1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k= =i9YR -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12

iOS 12 addresses the following:

Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. Entry added September 24, 2018

Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham

CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)

Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: an anonymous researcher

Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)

Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue)

SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk)

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2016-1777: Pepi Zawodsky

Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4191: found by OSS-Fuzz Entry added September 24, 2018

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) Entry added September 24, 2018

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari.

Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 12". CVE-ID CVE-2016-1787 : an anonymous researcher

OS X Server 5.1 may be obtained from the Mac App Store.

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.15"
      },
      {
        "_id": null,
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.1   (os x yosemite v10.10.5 or later )"
      },
      {
        "_id": null,
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "5.0.15"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150119"
      },
      {
        "db": "PACKETSTORM",
        "id": "150116"
      },
      {
        "db": "PACKETSTORM",
        "id": "149514"
      },
      {
        "db": "PACKETSTORM",
        "id": "149409"
      },
      {
        "db": "PACKETSTORM",
        "id": "136348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149515"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-1777",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1777",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-90596",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1777",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1777",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1777",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-375",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90596",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1777",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Web Server is one of the Web servers. The vulnerability is caused by the program supporting the RC4 algorithm. A remote attacker could exploit this vulnerability to compromise the confidentiality protection mechanism. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-9 Additional information for\nAPPLE-SA-2018-9-24-1 macOS Mojave 10.14\n\nmacOS Mojave 10.14 addresses the following:\n\nBluetooth\nAvailable for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)\n, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac\n(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),\nMac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)\n, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro\n(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air\n(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air\n(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air\n(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air\n(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro\n(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),\nMacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,\n13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nThe updates below are available for these Mac models:\nMacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),\nMacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),\niMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013, Mid 2010, and Mid 2012 models with recommended\nMetal-capable graphics processor, including MSI Gaming Radeon RX 560\nand Sapphire Radeon PULSE RX 580)\n\nafpserver\nImpact: A remote attacker may be able to attack AFP servers through\nHTTP clients\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC\nBerkeley\nEntry added October 30, 2018\n\nApp Store\nImpact: A malicious application may be able to determine the Apple ID\nof the owner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. This issue was addressed with improved access controls. \nCVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. \n\nAppleGraphicsControl\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4417: Lee of the Information Security Lab Yonsei University\nworking with Trend Micro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nApplication Firewall\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2018-4353: Abhinav Bansal of LinkedIn Inc. \n\nAPR\nImpact: Multiple buffer overflow issues existed in Perl\nDescription: Multiple issues in Perl were addressed with improved\nmemory handling. \nCVE-2017-12613: Craig Young of Tripwire VERT\nCVE-2017-12618: Craig Young of Tripwire VERT\nEntry added October 30, 2018\n\nATS\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend\nMicro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nATS\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4308: Mohamed Ghannam (@_simo36)\nEntry added October 30, 2018\n\nAuto Unlock\nImpact: A malicious application may be able to access local users\nAppleIDs\nDescription: A validation issue existed in the entitlement\nverification. This issue was addressed with improved validation of\nthe process entitlement. \nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nCFNetwork\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nCrash Reporter\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4333: Brandon Azad\n\nCUPS\nImpact: In certain configurations, a remote attacker may be able to\nreplace the message content from the print server with arbitrary\ncontent\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2018-4153: Michael Hanselmann of hansmi.ch\nEntry added October 30, 2018\n\nCUPS\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4406: Michael Hanselmann of hansmi.ch\nEntry added October 30, 2018\n\nDictionary\nImpact: Parsing a maliciously crafted dictionary file may lead to\ndisclosure of user information\nDescription: A validation issue existed which allowed local file\naccess. This was addressed with input sanitization. \nCVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing\nEntry added October 30, 2018\n\nGrand Central Dispatch\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\nEntry added October 30, 2018\n\nHeimdal\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4331: Brandon Azad\nCVE-2018-4332: Brandon Azad\nCVE-2018-4343: Brandon Azad\nEntry added October 30, 2018\n\nHypervisor\nImpact: Systems with microprocessors utilizing speculative execution\nand address translations may allow unauthorized disclosure of\ninformation residing in the L1 data cache to an attacker with local\nuser access with guest OS privilege via a terminal page fault and a\nside-channel analysis\nDescription: An information disclosure issue was addressed by\nflushing the L1 data cache at the virtual machine entry. \nCVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas\nF. Wenisch of University of Michigan, Mark Silberstein and Marina\nMinkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens\nof KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu\nof Intel Corporation, Yuval Yarom of The University of Adelaide\nEntry added October 30, 2018\n\niBooks\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2018-4355: evi1m0 of bilibili security team\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4396: Yu Wang of Didi Research America\nCVE-2018-4418: Yu Wang of Didi Research America\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2018-4351: Appology Team @ Theori working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4350: Yu Wang of Didi Research America\nEntry added October 30, 2018\n\nIntel Graphics Driver\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4334: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOHIDFamily\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4383: Apple\nEntry added October 30, 2018\n\nIOUserEthernet\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\nEntry added October 30, 2018\n\nKernel\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2018-4399: Fabiano Anemone (@anoane)\nEntry added October 30, 2018\n\nKernel\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \nEntry added October 30, 2018\n\nKernel\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4337: Ian Beer of Google Project Zero\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nLibreSSL\nImpact: Multiple issues in libressl were addressed in this update\nDescription: Multiple issues were addressed by updating to libressl\nversion 2.6.4. \nCVE-2015-3194\nCVE-2015-5333\nCVE-2015-5334\nCVE-2016-702\nEntry added October 30, 2018\n\nLogin Window\nImpact: A local user may be able to cause a denial of service\nDescription: A validation issue was addressed with improved logic. \nCVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of\nMWR InfoSecurity\nEntry added October 30, 2018\n\nmDNSOffloadUserClient\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4326: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\nEntry added October 30, 2018\n\nMediaRemote\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\nEntry added October 30, 2018\n\nMicrocode\nImpact: Systems with microprocessors utilizing speculative execution\nand speculative execution of memory reads before the addresses of all\nprior memory writes are known may allow unauthorized disclosure of\ninformation to an attacker with local user access via a side-channel\nanalysis\nDescription: An information disclosure issue was addressed with a\nmicrocode update. This ensures that older data read from\nrecently-written-to addresses cannot be read via a speculative\nside-channel. \nCVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken\nJohnson of the Microsoft Security Response Center (MSRC)\nEntry added October 30, 2018\n\nSecurity\nImpact: A local user may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2018-4395: Patrick Wardle of Digita Security\nEntry added October 30, 2018\n\nSecurity\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nSpotlight\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4393: Lufeng Li\nEntry added October 30, 2018\n\nSymptom Framework\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nText\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\nEntry added October 30, 2018\n\nWi-Fi\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend\nMicro\u0027s Zero Day Initiative\nEntry added October 30, 2018\n\nAdditional recognition\n\nAccessibility Framework\nWe would like to acknowledge Ryan Govostes for their assistance. \n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nCoreDAV\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nCoreGraphics\nWe would like to acknowledge Nitin Arya of Roblox Corporation for\ntheir assistance. \n\nCoreSymbolication\nWe would like to acknowledge Brandon Azad for their assistance. \n\nIOUSBHostFamily\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nMail\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet\nSE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron\nSoftware Systems, and Zbyszek A\u003e\u003eA3Akiewski for their assistance. \n\nQuick Look\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nand Patrick Wardle of Digita Security and lokihardt of Google Project\nZero for their assistance. \n\nSecurity\nWe would like to acknowledge Christoph Sinai, Daniel Dudek\n(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)\nof ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of\nShapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson\nDing, and an anonymous researcher for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nTerminal\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWindowServer\nWe would like to acknowledge Patrick Wardle of Digita Security for\ntheir assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA\niVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A\nzqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr\nd9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt\nVoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl\nWzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL\nTecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/\nrpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z\nw9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl\ne2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST\n1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu\n1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k=\n=i9YR\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-9-24-4 Additional information for\nAPPLE-SA-2018-9-17-1 iOS 12\n\niOS 12 addresses the following:\n\nAccounts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: This issue was addressed with improved entitlements. \nEntry added September 24, 2018\n\nBluetooth\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,\niPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,\n12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,\n9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nCoreMedia\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An app may be able to learn information about the current\ncamera view before being granted camera access\nDescription: A permissions issue existed. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu\nof Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,\nMehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug\nKarakaya of Kaliptus Medical Organization, Vinodh Swami of Western\nGovernor\u0027s University (WGU)\n\nNotes\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover a user\u0027s deleted notes\nDescription: A consistency issue existed in the handling of\napplication snapshots. \nCVE-2018-4352: an anonymous researcher\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu\nof Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,\nMehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug\nKarakaya of Kaliptus Medical Organization, Vinodh Swami of Western\nGovernor\u0027s University (WGU)\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A user may be unable to delete browsing history items\nDescription: Clearing a history item may not clear visits with\nredirect chains. \nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nSafariViewController\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2016-1777: Pepi Zawodsky\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\ndetermine the last used app from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2018-4191: found by OSS-Fuzz\nEntry added September 24, 2018\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Cross-origin SecurityErrors includes the accessed frame\u0027s\norigin\nDescription: The issue was addressed by removing origin information. \nCVE-2018-4311: Erling Alf Ellingsen (@steike)\nEntry added September 24, 2018\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A cross-site scripting issue existed in Safari. \n\nStatus Bar\nWe would like to acknowledge Ju Zhu of Meituan and Moony Li and\nLilang Wu of Trend Micro for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12\". \nCVE-ID\nCVE-2016-1787 : an anonymous researcher\n\nOS X Server 5.1 may be obtained from the Mac App Store. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777"
      },
      {
        "db": "PACKETSTORM",
        "id": "150119"
      },
      {
        "db": "PACKETSTORM",
        "id": "150116"
      },
      {
        "db": "PACKETSTORM",
        "id": "149514"
      },
      {
        "db": "PACKETSTORM",
        "id": "149409"
      },
      {
        "db": "PACKETSTORM",
        "id": "136348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149515"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90596",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1777",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "85054",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1035342",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "149515",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "149514",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "150119",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "149409",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "149400",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150113",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150117",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149410",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149516",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149510",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-90596",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136348",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777"
      },
      {
        "db": "PACKETSTORM",
        "id": "150119"
      },
      {
        "db": "PACKETSTORM",
        "id": "150116"
      },
      {
        "db": "PACKETSTORM",
        "id": "149514"
      },
      {
        "db": "PACKETSTORM",
        "id": "149409"
      },
      {
        "db": "PACKETSTORM",
        "id": "136348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      }
    ]
  },
  "id": "VAR-201603-0237",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:12:10.977000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2016-03-21-7 OS X Server 5.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
      },
      {
        "title": "HT206173",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206173"
      },
      {
        "title": "HT206173",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206173"
      },
      {
        "title": "Apple OS X Server Web Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60696"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00006.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206173"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/85054"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1035342"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1777"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1777"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4332"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4341"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4337"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4338"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4333"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/bugtraq/2018/sep/39"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4326"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4153"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4295"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4307"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4322"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4335"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1787"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90596"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777"
      },
      {
        "db": "PACKETSTORM",
        "id": "150119"
      },
      {
        "db": "PACKETSTORM",
        "id": "150116"
      },
      {
        "db": "PACKETSTORM",
        "id": "149514"
      },
      {
        "db": "PACKETSTORM",
        "id": "149409"
      },
      {
        "db": "PACKETSTORM",
        "id": "136348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90596",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1777",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "150119",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "150116",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "149514",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "149409",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "136348",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "149515",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1777",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2016-03-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90596",
        "ident": null
      },
      {
        "date": "2016-03-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1777",
        "ident": null
      },
      {
        "date": "2018-10-31T16:17:40",
        "db": "PACKETSTORM",
        "id": "150119",
        "ident": null
      },
      {
        "date": "2018-10-31T16:10:50",
        "db": "PACKETSTORM",
        "id": "150116",
        "ident": null
      },
      {
        "date": "2018-09-25T16:28:22",
        "db": "PACKETSTORM",
        "id": "149514",
        "ident": null
      },
      {
        "date": "2018-09-18T02:22:58",
        "db": "PACKETSTORM",
        "id": "149409",
        "ident": null
      },
      {
        "date": "2016-03-22T15:23:11",
        "db": "PACKETSTORM",
        "id": "136348",
        "ident": null
      },
      {
        "date": "2018-09-25T16:31:15",
        "db": "PACKETSTORM",
        "id": "149515",
        "ident": null
      },
      {
        "date": "2016-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-375",
        "ident": null
      },
      {
        "date": "2016-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001874",
        "ident": null
      },
      {
        "date": "2016-03-24T01:59:44.780000",
        "db": "NVD",
        "id": "CVE-2016-1777",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2016-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90596",
        "ident": null
      },
      {
        "date": "2016-12-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1777",
        "ident": null
      },
      {
        "date": "2016-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-375",
        "ident": null
      },
      {
        "date": "2016-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001874",
        "ident": null
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-1777",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Apple OS X Server of  Web Vulnerability that breaks cryptographic protection mechanisms in servers",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001874"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-375"
      }
    ],
    "trust": 0.6
  }
}

VAR-202011-0444

Vulnerability from variot - Updated: 2026-04-10 23:11

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome is a web browser developed by Google (Google). Chrome has security holes.

For the stable distribution (buster), these problems have been fixed in version 78.4.0esr-1~deb10u2.

We recommend that you upgrade your firefox-esr packages. 6) - i386, x86_64

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-12-14-7 tvOS 14.3

tvOS 14.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212005.

CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab

FontParser Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero

FontParser Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero

WebRTC Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-15969: an anonymous researcher

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About."

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBnkACgkQZcsbuWJ6 jjAdUA/+IW1Va0vmKcDFand0B8Y1lkRDdThXQ/lQmLJCPNJ1hQLQZSLUzpYvjyLi UAepoh/ToYtt9YivitmjfNHxjLvYw/xRV13cpsVMcCvQhhS1N5s4aJEL6f+0LEhv 6U0JvjGoa6/By4sQksdPZnipoNRzEJ3KWRJrFkLnGwvH+uT6KbuzjXqfHwkHJfV2 XgghEJzvoLT1cbXp6XNO/YOV++eeDBkW0L80YukQ2RPDHi3N99Aue9ADe+pbQJH1 eJBWdZV99zjHZrStXKBQ7CF5i9hJnludrMo0V+RgMXRhLrfW5dm6Ww3kLm4okj+D spAJy8WepCRFwth9+yFcmdxyv2aZJ0MvxuFAIL6Sv9E0FvMW8fPbRHcsJDDTAt4f mKUPwUex183P7li3SYEK/I1ItcMh039wlulkiP5xw/6JGDIDh7ryOaTPCvnz+MIx OzcgtdNFLcTA2BDEQwITEp+fpuqAlXw3ykbq5yYZz3AJXxKLVXVLeuB1oEkHJmRi 4EUXb7Lb5TEoMj1dbCmmr6q3eWGCPj5CJcTFJMTNWx8aW4u889mi7FqCnXasAc3M jg5eSRy+97+tOsdgUYFoMekJqF8jJbljDH1NDmEbMtVc+F7jT4khXN9fRLvqN6An P4web66vaHKZbUnMDtXHjMSkfniHUT39JKm7CJPNC/vf2HF9HQM=4OzT -----END PGP SIGNATURE-----

Background

Library for rendering dynamic web content in Qt5 C++ and QML applications. 8.0) - ppc64le, x86_64

Gentoo Linux Security Advisory GLSA 202010-08

                                      https://security.gentoo.org/

Severity: Normal Title: Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities Date: October 28, 2020 Bugs: #750446 ID: 202010-08

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

Affected packages

Package              /     Vulnerable     /            Unaffected

1 www-client/firefox < 82.0 >= 78.4.0:0/esr78

= 82.0 2 www-client/firefox-bin < 82.0 >= 78.4.0:0/esr78 = 82.0 3 mail-client/thunderbird < 78.4.0 >= 78.4.0 4 mail-client/thunderbird-bin < 78.4.0 >= 78.4.0

4 affected packages

Description

Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0"

All Mozilla Firefox (bin) users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-82.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=www-client/firefox-78.4.0:0/esr78"

All Mozilla Firefox ESR (bin) users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=www-client/firefox-bin-78.4.0:0/esr78"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-.4.0"

All Mozilla Thunderbird (bin) users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-78.4.0"

References

[ 1 ] CVE-2020-15683 https://nvd.nist.gov/vuln/detail/CVE-2020-15683 [ 2 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 3 ] MFSA-2020-45 https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ [ 4 ] MFSA-2020-46 https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/ [ 5 ] MFSA-2020-47 https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202010-08

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update Advisory ID: RHSA-2020:4310-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4310 Issue date: 2020-10-22 CVE Names: CVE-2020-15683 CVE-2020-15969 ==================================================================== 1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.0 ESR.

Security Fix(es):

Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)
chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: firefox-78.4.0-1.el7_9.src.rpm

x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: firefox-78.4.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: firefox-78.4.0-1.el7_9.src.rpm

ppc64: firefox-78.4.0-1.el7_9.ppc64.rpm firefox-debuginfo-78.4.0-1.el7_9.ppc64.rpm

ppc64le: firefox-78.4.0-1.el7_9.ppc64le.rpm firefox-debuginfo-78.4.0-1.el7_9.ppc64le.rpm

s390x: firefox-78.4.0-1.el7_9.s390x.rpm firefox-debuginfo-78.4.0-1.el7_9.s390x.rpm

x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64: firefox-78.4.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: firefox-78.4.0-1.el7_9.src.rpm

x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: firefox-78.4.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-15683 https://access.redhat.com/security/cve/CVE-2020-15969 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBX5G+ntzjgjWX9erEAQhmDQ//dHDny/ImuLP8xvK4PtLEY7BRvrOS/vY2 YkKEGdGOQa48sBw+5Y2tSqra5gKOqf5H3lcxj+sTG97hUStgrNAucZpTHaKm7vde /Eb3PIFWOqnNpcvDg6njU/q5ttA7YC0PHizRfH0Yix5EUAkKZnMWlcS8Lkm5FEM2 Ws+UfvgB/+Gx03I2MioDwnnHnnZLR+pmt7EYl7CnKLRMYsQVEkrlc2b7gCzPlijo UV91wcUoX4s9/v/i2afTY8CqhDs8MNHFnsVX+FTCyGbezamAxJ+YTKtDgKDiG+7v up2fIlMhf8eKnkEpyOebDDPo8vECJr311rXT0qg6/jkx9iogOyHskOcmTYIK5xzT R9gmF+gvsJsMeHzD6a6uh5BsLLS7rtIESWO91IS0FofOAv0lkkOqG1xlAq4zAKYc 8NrzZ0omzrB9rRK2LeKp2oAP0xIoFQiTmicoBAvRijNPRSWT8SZY/IfOsSvrbfkG rGOY4nNaLVQUqXv7+BKa/LusfBhQkGgxcKO/uNX7xWGTEqH4ysx7/ELKmQ1LjZxw bgYhrYaSkSMAQ5r/Nf0qMHLLxvMUqmJmgkExE0rLwogxWVYZWVCiIwI0wncDCFEo mw8HZ58JlTWTv2owGc8I0fo+ln7Y5xmuXuyN6AldueladP0AdtdNyaw/GHquCytW o2ukWK2zUE8=oczW -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "backports sle",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.3"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "google",
        "version": "86.0.4240.75"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0.2"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.3"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159910"
      },
      {
        "db": "PACKETSTORM",
        "id": "159907"
      },
      {
        "db": "PACKETSTORM",
        "id": "159909"
      },
      {
        "db": "PACKETSTORM",
        "id": "159682"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2020-15969",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-15969",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-169000",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-15969",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-15969",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-169000",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome is a web browser developed by Google (Google). Chrome has security holes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 78.4.0esr-1~deb10u2. \n\nWe recommend that you upgrade your firefox-esr packages. 6) - i386, x86_64\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-12-14-7 tvOS 14.3\n\ntvOS 14.3 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT212005. \n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed with improved input validation. \nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-29611: Ivan Fratric of Google Project Zero\n\nWebRTC\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-15969: an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBnkACgkQZcsbuWJ6\njjAdUA/+IW1Va0vmKcDFand0B8Y1lkRDdThXQ/lQmLJCPNJ1hQLQZSLUzpYvjyLi\nUAepoh/ToYtt9YivitmjfNHxjLvYw/xRV13cpsVMcCvQhhS1N5s4aJEL6f+0LEhv\n6U0JvjGoa6/By4sQksdPZnipoNRzEJ3KWRJrFkLnGwvH+uT6KbuzjXqfHwkHJfV2\nXgghEJzvoLT1cbXp6XNO/YOV++eeDBkW0L80YukQ2RPDHi3N99Aue9ADe+pbQJH1\neJBWdZV99zjHZrStXKBQ7CF5i9hJnludrMo0V+RgMXRhLrfW5dm6Ww3kLm4okj+D\nspAJy8WepCRFwth9+yFcmdxyv2aZJ0MvxuFAIL6Sv9E0FvMW8fPbRHcsJDDTAt4f\nmKUPwUex183P7li3SYEK/I1ItcMh039wlulkiP5xw/6JGDIDh7ryOaTPCvnz+MIx\nOzcgtdNFLcTA2BDEQwITEp+fpuqAlXw3ykbq5yYZz3AJXxKLVXVLeuB1oEkHJmRi\n4EUXb7Lb5TEoMj1dbCmmr6q3eWGCPj5CJcTFJMTNWx8aW4u889mi7FqCnXasAc3M\njg5eSRy+97+tOsdgUYFoMekJqF8jJbljDH1NDmEbMtVc+F7jT4khXN9fRLvqN6An\nP4web66vaHKZbUnMDtXHjMSkfniHUT39JKm7CJPNC/vf2HF9HQM=4OzT\n-----END PGP SIGNATURE-----\n\n\n. \n\nBackground\n=========\nLibrary for rendering dynamic web content in Qt5 C++ and QML\napplications. 8.0) - ppc64le, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202010-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                          https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSeverity: Normal\n   Title: Mozilla Firefox, Mozilla Thunderbird: Multiple\n          vulnerabilities\n    Date: October 28, 2020\n    Bugs: #750446\n      ID: 202010-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox and Mozilla\nThunderbird, the worst of which could result in the arbitrary execution\nof code. \n\nAffected packages\n=================\n\n   -------------------------------------------------------------------\n    Package              /     Vulnerable     /            Unaffected\n   -------------------------------------------------------------------\n 1  www-client/firefox            \u003c 82.0           \u003e= 78.4.0:0/esr78\n\u003e = 82.0\n 2  www-client/firefox-bin        \u003c 82.0           \u003e= 78.4.0:0/esr78\n\u003e = 82.0\n 3  mail-client/thunderbird      \u003c 78.4.0                  \u003e= 78.4.0\n 4  mail-client/thunderbird-bin\n                                 \u003c 78.4.0                  \u003e= 78.4.0\n   -------------------------------------------------------------------\n    4 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and\nMozilla Thunderbird. Please review the CVE identifiers referenced below\nfor details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-82.0\"\n\nAll Mozilla Firefox (bin) users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-82.0\"\n\nAll Mozilla Firefox ESR users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/firefox-78.4.0:0/esr78\"\n\nAll Mozilla Firefox ESR (bin) users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/firefox-bin-78.4.0:0/esr78\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-.4.0\"\n\nAll Mozilla Thunderbird (bin) users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-78.4.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-15683\n     https://nvd.nist.gov/vuln/detail/CVE-2020-15683\n[ 2 ] CVE-2020-15969\n     https://nvd.nist.gov/vuln/detail/CVE-2020-15969\n[ 3 ] MFSA-2020-45\n     https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/\n[ 4 ] MFSA-2020-46\n     https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/\n[ 5 ] MFSA-2020-47\n     https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\nhttps://security.gentoo.org/glsa/202010-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: firefox security update\nAdvisory ID:       RHSA-2020:4310-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:4310\nIssue date:        2020-10-22\nCVE Names:         CVE-2020-15683 CVE-2020-15969\n====================================================================\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 78.4.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4\n(CVE-2020-15683)\n\n* chromium-browser: Use after free in WebRTC (CVE-2020-15969)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC\n1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nppc64:\nfirefox-78.4.0-1.el7_9.ppc64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-78.4.0-1.el7_9.ppc64le.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-78.4.0-1.el7_9.s390x.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.s390x.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-15683\nhttps://access.redhat.com/security/cve/CVE-2020-15969\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5G+ntzjgjWX9erEAQhmDQ//dHDny/ImuLP8xvK4PtLEY7BRvrOS/vY2\nYkKEGdGOQa48sBw+5Y2tSqra5gKOqf5H3lcxj+sTG97hUStgrNAucZpTHaKm7vde\n/Eb3PIFWOqnNpcvDg6njU/q5ttA7YC0PHizRfH0Yix5EUAkKZnMWlcS8Lkm5FEM2\nWs+UfvgB/+Gx03I2MioDwnnHnnZLR+pmt7EYl7CnKLRMYsQVEkrlc2b7gCzPlijo\nUV91wcUoX4s9/v/i2afTY8CqhDs8MNHFnsVX+FTCyGbezamAxJ+YTKtDgKDiG+7v\nup2fIlMhf8eKnkEpyOebDDPo8vECJr311rXT0qg6/jkx9iogOyHskOcmTYIK5xzT\nR9gmF+gvsJsMeHzD6a6uh5BsLLS7rtIESWO91IS0FofOAv0lkkOqG1xlAq4zAKYc\n8NrzZ0omzrB9rRK2LeKp2oAP0xIoFQiTmicoBAvRijNPRSWT8SZY/IfOsSvrbfkG\nrGOY4nNaLVQUqXv7+BKa/LusfBhQkGgxcKO/uNX7xWGTEqH4ysx7/ELKmQ1LjZxw\nbgYhrYaSkSMAQ5r/Nf0qMHLLxvMUqmJmgkExE0rLwogxWVYZWVCiIwI0wncDCFEo\nmw8HZ58JlTWTv2owGc8I0fo+ln7Y5xmuXuyN6AldueladP0AdtdNyaw/GHquCytW\no2ukWK2zUE8=oczW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      },
      {
        "db": "PACKETSTORM",
        "id": "168916"
      },
      {
        "db": "PACKETSTORM",
        "id": "168919"
      },
      {
        "db": "PACKETSTORM",
        "id": "159910"
      },
      {
        "db": "PACKETSTORM",
        "id": "160542"
      },
      {
        "db": "PACKETSTORM",
        "id": "161131"
      },
      {
        "db": "PACKETSTORM",
        "id": "159907"
      },
      {
        "db": "PACKETSTORM",
        "id": "159909"
      },
      {
        "db": "PACKETSTORM",
        "id": "159746"
      },
      {
        "db": "PACKETSTORM",
        "id": "159682"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-15969",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159909",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159910",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161131",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160542",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159907",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159746",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159682",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159683",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160538",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159679",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159695",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159906",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160536",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159587",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159536",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160540",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159888",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159686",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-169000",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168970",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168919",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      },
      {
        "db": "PACKETSTORM",
        "id": "168970"
      },
      {
        "db": "PACKETSTORM",
        "id": "168916"
      },
      {
        "db": "PACKETSTORM",
        "id": "168919"
      },
      {
        "db": "PACKETSTORM",
        "id": "159910"
      },
      {
        "db": "PACKETSTORM",
        "id": "160542"
      },
      {
        "db": "PACKETSTORM",
        "id": "161131"
      },
      {
        "db": "PACKETSTORM",
        "id": "159907"
      },
      {
        "db": "PACKETSTORM",
        "id": "159909"
      },
      {
        "db": "PACKETSTORM",
        "id": "159746"
      },
      {
        "db": "PACKETSTORM",
        "id": "159682"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      }
    ]
  },
  "id": "VAR-202011-0444",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:11:53.950000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202101-30"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212003"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212005"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212007"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212009"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212011"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2021/dsa-4824"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/24"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/26"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/27"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/29"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/30"
      },
      {
        "trust": 1.1,
        "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
      },
      {
        "trust": 1.1,
        "url": "https://crbug.com/1124659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15969"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15683"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-15683"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-15969"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.3,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15966"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15968"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15960"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15959"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15963"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15962"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15964"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15965"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15961"
      },
      {
        "trust": 0.2,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.2,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.2,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/chromium"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15970"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15967"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15971"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8075"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/firefox-esr"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/thunderbird"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27948"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29619"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212005."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6534"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6514"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6482"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6475"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6511"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6559"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6471"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15972"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15977"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6573"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15992"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6486"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6490"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15979"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15989"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6531"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6562"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6474"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6533"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6575"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6489"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6557"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15985"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6530"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6529"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4944"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4945"
      },
      {
        "trust": 0.1,
        "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-47/"
      },
      {
        "trust": 0.1,
        "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-46/"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202010-08"
      },
      {
        "trust": 0.1,
        "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-45/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4310"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169000"
      },
      {
        "db": "PACKETSTORM",
        "id": "168970"
      },
      {
        "db": "PACKETSTORM",
        "id": "168916"
      },
      {
        "db": "PACKETSTORM",
        "id": "168919"
      },
      {
        "db": "PACKETSTORM",
        "id": "159910"
      },
      {
        "db": "PACKETSTORM",
        "id": "160542"
      },
      {
        "db": "PACKETSTORM",
        "id": "161131"
      },
      {
        "db": "PACKETSTORM",
        "id": "159907"
      },
      {
        "db": "PACKETSTORM",
        "id": "159909"
      },
      {
        "db": "PACKETSTORM",
        "id": "159746"
      },
      {
        "db": "PACKETSTORM",
        "id": "159682"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-15969"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-169000",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168970",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168916",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168919",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159910",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160542",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161131",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159907",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159909",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159746",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159682",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-15969",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169000",
        "ident": null
      },
      {
        "date": "2021-01-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "168970",
        "ident": null
      },
      {
        "date": "2020-10-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168916",
        "ident": null
      },
      {
        "date": "2020-10-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168919",
        "ident": null
      },
      {
        "date": "2020-11-05T17:01:22",
        "db": "PACKETSTORM",
        "id": "159910",
        "ident": null
      },
      {
        "date": "2020-12-16T18:02:43",
        "db": "PACKETSTORM",
        "id": "160542",
        "ident": null
      },
      {
        "date": "2021-01-26T14:27:32",
        "db": "PACKETSTORM",
        "id": "161131",
        "ident": null
      },
      {
        "date": "2020-11-05T17:00:57",
        "db": "PACKETSTORM",
        "id": "159907",
        "ident": null
      },
      {
        "date": "2020-11-05T17:01:15",
        "db": "PACKETSTORM",
        "id": "159909",
        "ident": null
      },
      {
        "date": "2020-10-28T16:36:31",
        "db": "PACKETSTORM",
        "id": "159746",
        "ident": null
      },
      {
        "date": "2020-10-22T23:55:44",
        "db": "PACKETSTORM",
        "id": "159682",
        "ident": null
      },
      {
        "date": "2020-11-03T03:15:12.790000",
        "db": "NVD",
        "id": "CVE-2020-15969",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169000",
        "ident": null
      },
      {
        "date": "2024-11-21T05:06:34.250000",
        "db": "NVD",
        "id": "CVE-2020-15969",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Debian Security Advisory 4824-1",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168970"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168916"
      },
      {
        "db": "PACKETSTORM",
        "id": "168919"
      },
      {
        "db": "PACKETSTORM",
        "id": "161131"
      },
      {
        "db": "PACKETSTORM",
        "id": "159746"
      }
    ],
    "trust": 0.4
  }
}

VAR-201912-0562

Vulnerability from variot - Updated: 2026-04-10 23:09

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CFFromShiftJISLen function. Crafted data in a DOC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. are all products of Apple (Apple). The product supports storage of music, photos, App and contacts, etc. Apple macOS Catalina is a dedicated operating system developed for Mac computers. UIFoundation is one of the UI framework components. Entry added October 29, 2019

boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance.

Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13

iOS 13 addresses the following:

Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the display of notification previews. CVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci (@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte Consulting, Ömer Bozdoğan-Ramazan Atıl Anadolu Lisesi Adana/TÜRKİYE

CFNetwork Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019

CoreAudio Available for: iPhone 6s and later Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

CoreCrypto Available for: iPhone 6s and later Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019

CoreMedia Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Face ID Available for: iPhone 6s and later Impact: A 3D model constructed to look like the enrolled user may authenticate via Face ID Description: This issue was addressed by improving Face ID machine learning models. CVE-2019-8760: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab

Foundation Available for: iPhone 6s and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019

IOUSBDeviceFamily Available for: iPhone 6s and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8718: Joshua Hill and Sem Voigtländer Entry added October 29, 2019

Kernel Available for: iPhone 6s and later Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019

Kernel Available for: iPhone 6s and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) Entry added October 29, 2019

Kernel Available for: iPhone 6s and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Entry added October 29, 2019

Kernel Available for: iPhone 6s and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8712: Mohamed Ghannam (@_simo36) Entry added October 29, 2019

Kernel Available for: iPhone 6s and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019

Keyboards Available for: iPhone 6s and later Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management. CVE-2019-8704: 王邦宇 (wAnyBug.Com) of SAINTSEC

libxml2 Available for: iPhone 6s and later Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019

Messages Available for: iPhone 6s and later Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8742: videosdebarraquito

Notes Available for: iPhone 6s and later Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University Entry added October 29, 2019

PluginKit Available for: iPhone 6s and later Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019

PluginKit Available for: iPhone 6s and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019

Quick Look Available for: iPhone 6s and later Impact: Processing a maliciously crafted file may disclose user information Description: A permissions issue existed in which execute permission was incorrectly granted. CVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT, Yiğit Can YILMAZ (@yilmazcanyigit)

Safari Available for: iPhone 6s and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Entry added October 29, 2019

WebKit Available for: iPhone 6s and later Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2019-8771: Eliya Stein of Confiant Entry added October 29, 2019

WebKit Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative CVE-2019-8726: Jihui Lu of Tencent KeenLab CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation CVE-2019-8733: Sergei Glazunov of Google Project Zero CVE-2019-8734: found by OSS-Fuzz CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative Entry added October 29, 2019

WebKit Available for: iPhone 6s and later Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue) Entry added October 29, 2019

WebKit Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8625: Sergei Glazunov of Google Project Zero CVE-2019-8719: Sergei Glazunov of Google Project Zero CVE-2019-8764: Sergei Glazunov of Google Project Zero Entry added October 29, 2019

WebKit Page Loading Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8674: Sergei Glazunov of Google Project Zero

Additional recognition

AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance.

Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance.

Bluetooth We would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile Networking Lab, Jiska Classen of TU Darmstadt, Secure Mobile Networking Lab, Francesco Gringoli of University of Brescia, Dennis Heinze of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

boringssl We would like to acknowledge Thijs Alkemade (@xnyhps) of Computest for their assistance.

Control Center We would like to acknowledge Brandon Sellers for their assistance.

HomeKit We would like to acknowledge Tian Zhang for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Keyboard We would like to acknowledge an anonymous researcher for their assistance.

Mail We would like to acknowledge Kenneth Hyndycz for their assistance.

mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.

Profiles We would like to acknowledge Erik Johnson of Vernon Hills High School and James Seeley (@Code4iOS) of Shriver Job Corps for their assistance.

SafariViewController We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.

WebKit We would like to acknowledge MinJeong Kim of Information Security Lab, Chungnam National University, JaeCheol Ryou of the Information Security Lab, Chungnam National University in South Korea, Yiğit Can YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an anonymous researcher, and cc working with Trend Micro's Zero Day Initiative for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s3oACgkQBz4uGe3y 0M1GMxAAnwBO9htU2i7+SHsXiEt2xJbjilLMM9V5LObjUWqaHXOxdQuYiPxFy9lR neTOHwR2z1f3L3UPkGut28i24w7fwHVBdFh7w5p5RXlBf7tcRmFhKBUkYIhQ90Qj jO6DXiCL9InCBVs2nW9Fr4yYV13kdoES6MfguyldGVpQMkyUcZ3F2XK0RCHNqEgz h+1dR/uws3Ce+HNbb7wnqe4UzAI5DJUR/vH98+fWTl5P6CCaoZrv53vaxErLRBXi gn/4rtzw+wDlThlrpkE5MwxmvLMF2ZqjUhOSVzKb3qXK+RFgE9FH8SKEBKkCxAa+ 8/vZu+zdbN6KCzO608TXH9rNO2LbtQqTlO/jHGTJ30UEaKo9PyFozGkCE6XkWmFU xtayVkSL08drJEgm+CB80g//hr2CESF0fMHFe8yQYeN2uL5yQxoavyub8E/nPKn1 v32Z6Z2fpGzP3eCLYbV93cBcdJaeXTdib47vvodyYFfFEja7xrv0AvPAbSSm98DK VtFw3eNAKRbmIEAeY4b1uhdB+qUiqMEWqh0sd97+chY2Do90/4IG/3caLc0pTpDt huDUQs/IbSujrdjCWSfz35qU4u9sxPpM8wQR2M7mdfY9qGp+Xgfh/MprSZ4wOuS3 PAAs5Pdr9GfymsB+CDpMEr+DiTOza6SUjIadZ+j2FWaklzg7h1A= =NYIZ -----END PGP SIGNATURE-----

. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University

PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum

SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.14"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.1"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 10.9 earlier"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.16 (includes aas 8.2) earlier"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.4.4 earlier"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3 earlier"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3 earlier"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.10.3 for windows earlier"
      },
      {
        "_id": null,
        "model": "macos catalina",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.2 earlier"
      },
      {
        "_id": null,
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.6 (security update 2019-007 not applied )"
      },
      {
        "_id": null,
        "model": "macos mojave",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.6 (security update 2019-002 not applied )"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.4 earlier"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3 earlier"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.3.4 earlier"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1.1 earlier"
      },
      {
        "_id": null,
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3 earlier"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:icloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:ipados",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_catalina",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_high_sierra",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_mojave",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:xcode",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "riusksk of VulWar Corp",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-8745",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-8745",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-160180",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-8745",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-8745",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-8745",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2019-8745",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-392",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160180",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the CFFromShiftJISLen function. Crafted data in a DOC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. are all products of Apple (Apple). The product supports storage of music, photos, App and contacts, etc. Apple macOS Catalina is a dedicated operating system developed for Mac computers. UIFoundation is one of the UI framework components. \nEntry added October 29, 2019\n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum and Thijs Alkemade (@xnyhps) of Computest for their\nassistance. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-6 Additional information\nfor APPLE-SA-2019-9-26-3 iOS 13\n\niOS 13 addresses the following:\n\nBluetooth\nAvailable for: iPhone 6s and later\nImpact: Notification previews may show on Bluetooth accessories even\nwhen previews are disabled\nDescription: A logic issue existed with the display of notification\npreviews. \nCVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci\n(@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte\nConsulting, \u00d6mer Bozdo\u011fan-Ramazan At\u0131l Anadolu Lisesi\nAdana/T\u00dcRK\u0130YE\n\nCFNetwork\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: This issue was addressed with improved checks. \nCVE-2019-8753: \u0141ukasz Pilorz of Standard Chartered GBS Poland\nEntry added October 29, 2019\n\nCoreAudio\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreCrypto\nAvailable for: iPhone 6s and later\nImpact: Processing a large input may lead to a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2019-8741: Nicky Mouha of NIST\nEntry added October 29, 2019\n\nCoreMedia\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8825: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nFace ID\nAvailable for: iPhone 6s and later\nImpact: A 3D model constructed to look like the enrolled user may\nauthenticate via Face ID\nDescription: This issue was addressed by improving Face ID machine\nlearning models. \nCVE-2019-8760: Wish Wu (\u5434\u6f4d\u6d60 @wish_wu) of Ant-financial\nLight-Year Security Lab\n\nFoundation\nAvailable for: iPhone 6s and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8641: Samuel Gro\u00df and Natalie Silvanovich of Google Project\nZero\nCVE-2019-8746: Natalie Silvanovich and Samuel Gro\u00df of Google Project\nZero\nEntry added October 29, 2019\n\nIOUSBDeviceFamily\nAvailable for: iPhone 6s and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8718: Joshua Hill and Sem Voigtl\u00e4nder\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8709: derrek (@derrekr6)\n[confirmed]derrek (@derrekr6)\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8712: Mohamed Ghannam (@_simo36)\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\nEntry added October 29, 2019\n\nKeyboards\nAvailable for: iPhone 6s and later\nImpact: A local user may be able to leak sensitive user information\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2019-8704: \u738b \u90a6 \u5b87 (wAnyBug.Com) of SAINTSEC\n\nlibxml2\nAvailable for: iPhone 6s and later\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\nEntry added October 29, 2019\n\nMessages\nAvailable for: iPhone 6s and later\nImpact: A person with physical access to an iOS device may be able to\naccess contacts from the lock screen\nDescription: The issue was addressed by restricting options offered\non a locked device. \nCVE-2019-8742: videosdebarraquito\n\nNotes\nAvailable for: iPhone 6s and later\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: iPhone 6s and later\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: iPhone 6s and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\nEntry added October 29, 2019\n\nQuick Look\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. \nCVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT,\nYi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nSafari\nAvailable for: iPhone 6s and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 29, 2019\n\nWebKit\nAvailable for: iPhone 6s and later\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2019-8771: Eliya Stein of Confiant\nEntry added October 29, 2019\n\nWebKit\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8707: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative, cc working with Trend Micro Zero Day Initiative\nCVE-2019-8726: Jihui Lu of Tencent KeenLab\nCVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of\nABLY Corporation\nCVE-2019-8733: Sergei Glazunov of Google Project Zero\nCVE-2019-8734: found by OSS-Fuzz\nCVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative\nEntry added October 29, 2019\n\nWebKit\nAvailable for: iPhone 6s and later\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed with improved data deletion. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\nEntry added October 29, 2019\n\nWebKit\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8625: Sergei Glazunov of Google Project Zero\nCVE-2019-8719: Sergei Glazunov of Google Project Zero\nCVE-2019-8764: Sergei Glazunov of Google Project Zero\nEntry added October 29, 2019\n\nWebKit Page Loading\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8674: Sergei Glazunov of Google Project Zero\n\nAdditional recognition\n\nAppleRTC\nWe would like to acknowledge Vitaly Cheptsov for their assistance. \n\nAudio\nWe would like to acknowledge riusksk of VulWar Corp working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nBluetooth\nWe would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile\nNetworking Lab, Jiska Classen of TU Darmstadt, Secure Mobile\nNetworking Lab, Francesco Gringoli of University of Brescia, Dennis\nHeinze of TU Darmstadt, Secure Mobile Networking Lab for their\nassistance. \n\nboringssl\nWe would like to acknowledge Thijs Alkemade (@xnyhps) of Computest\nfor their assistance. \n\nControl Center\nWe would like to acknowledge Brandon Sellers for their assistance. \n\nHomeKit\nWe would like to acknowledge Tian Zhang for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nKeyboard\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail\nWe would like to acknowledge Kenneth Hyndycz for their assistance. \n\nmDNSResponder\nWe would like to acknowledge Gregor Lang of e.solutions GmbH for\ntheir assistance. \n\nProfiles\nWe would like to acknowledge Erik Johnson of Vernon Hills High School\nand James Seeley (@Code4iOS) of Shriver Job Corps for their\nassistance. \n\nSafariViewController\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nWebKit\nWe would like to acknowledge MinJeong Kim of Information Security\nLab, Chungnam National University, JaeCheol Ryou of the Information\nSecurity Lab, Chungnam National University in South Korea, Yi\u011fit Can\nYILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an\nanonymous researcher, and cc working with Trend Micro\u0027s Zero Day\nInitiative for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s3oACgkQBz4uGe3y\n0M1GMxAAnwBO9htU2i7+SHsXiEt2xJbjilLMM9V5LObjUWqaHXOxdQuYiPxFy9lR\nneTOHwR2z1f3L3UPkGut28i24w7fwHVBdFh7w5p5RXlBf7tcRmFhKBUkYIhQ90Qj\njO6DXiCL9InCBVs2nW9Fr4yYV13kdoES6MfguyldGVpQMkyUcZ3F2XK0RCHNqEgz\nh+1dR/uws3Ce+HNbb7wnqe4UzAI5DJUR/vH98+fWTl5P6CCaoZrv53vaxErLRBXi\ngn/4rtzw+wDlThlrpkE5MwxmvLMF2ZqjUhOSVzKb3qXK+RFgE9FH8SKEBKkCxAa+\n8/vZu+zdbN6KCzO608TXH9rNO2LbtQqTlO/jHGTJ30UEaKo9PyFozGkCE6XkWmFU\nxtayVkSL08drJEgm+CB80g//hr2CESF0fMHFe8yQYeN2uL5yQxoavyub8E/nPKn1\nv32Z6Z2fpGzP3eCLYbV93cBcdJaeXTdib47vvodyYFfFEja7xrv0AvPAbSSm98DK\nVtFw3eNAKRbmIEAeY4b1uhdB+qUiqMEWqh0sd97+chY2Do90/4IG/3caLc0pTpDt\nhuDUQs/IbSujrdjCWSfz35qU4u9sxPpM8wQR2M7mdfY9qGp+Xgfh/MprSZ4wOuS3\nPAAs5Pdr9GfymsB+CDpMEr+DiTOza6SUjIadZ+j2FWaklzg7h1A=\n=NYIZ\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      },
      {
        "db": "PACKETSTORM",
        "id": "155061"
      },
      {
        "db": "PACKETSTORM",
        "id": "154771"
      },
      {
        "db": "PACKETSTORM",
        "id": "154769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154780"
      },
      {
        "db": "PACKETSTORM",
        "id": "155064"
      },
      {
        "db": "PACKETSTORM",
        "id": "155062"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8745",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-863",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU99404393",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8588",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154780",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3760",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "155066",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155061",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154771",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154769",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155064",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155062",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154768",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      },
      {
        "db": "PACKETSTORM",
        "id": "155061"
      },
      {
        "db": "PACKETSTORM",
        "id": "154771"
      },
      {
        "db": "PACKETSTORM",
        "id": "154769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154780"
      },
      {
        "db": "PACKETSTORM",
        "id": "155064"
      },
      {
        "db": "PACKETSTORM",
        "id": "155062"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      }
    ]
  },
  "id": "VAR-201912-0562",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:09:56.904000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "About the security content of Safari 13.0.4",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210792"
      },
      {
        "title": "About the security content of Xcode 11.3",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210796"
      },
      {
        "title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT201260"
      },
      {
        "title": "About the security content of iOS 13.3 and iPadOS 13.3",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210785"
      },
      {
        "title": "About the security content of iCloud for Windows 10.9",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210794"
      },
      {
        "title": "About the security content of iOS 12.4.4",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210787"
      },
      {
        "title": "About the security content of iCloud for Windows 7.16 (includes AAS 8.2)",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210795"
      },
      {
        "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210788"
      },
      {
        "title": "About the security content of iTunes 12.10.3 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210793"
      },
      {
        "title": "About the security content of watchOS 6.1.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210789"
      },
      {
        "title": "About the security content of tvOS 13.3",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210790"
      },
      {
        "title": "About the security content of watchOS 5.3.4",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210791"
      },
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/HT210634"
      },
      {
        "title": "Apple macOS , iCloud  and iTunes Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99070"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht210722"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210634"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210635"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210636"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210637"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8719"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8733"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8707"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8726"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8763"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8701"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8745"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8770"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8705"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8748"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8772"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8707"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8755"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8781"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8717"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8757"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8719"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8758"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8726"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8763"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8730"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8768"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8625"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8733"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8769"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99404393/"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/ht210634"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210637"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155066/apple-security-advisory-2019-10-29-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210636"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154780/apple-security-advisory-2019-10-07-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-863/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3760/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8728"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8734"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8712"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8718"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8746"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8741"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8753"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8752"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8751"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8704"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8799"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8742"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180"
      },
      {
        "db": "PACKETSTORM",
        "id": "155061"
      },
      {
        "db": "PACKETSTORM",
        "id": "154771"
      },
      {
        "db": "PACKETSTORM",
        "id": "154769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154780"
      },
      {
        "db": "PACKETSTORM",
        "id": "155064"
      },
      {
        "db": "PACKETSTORM",
        "id": "155062"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-863",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-160180",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155061",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154771",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154769",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154780",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155064",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155062",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154768",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8745",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-10-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-863",
        "ident": null
      },
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160180",
        "ident": null
      },
      {
        "date": "2019-11-01T17:08:00",
        "db": "PACKETSTORM",
        "id": "155061",
        "ident": null
      },
      {
        "date": "2019-10-08T20:00:56",
        "db": "PACKETSTORM",
        "id": "154771",
        "ident": null
      },
      {
        "date": "2019-10-08T19:59:44",
        "db": "PACKETSTORM",
        "id": "154769",
        "ident": null
      },
      {
        "date": "2019-10-08T20:44:48",
        "db": "PACKETSTORM",
        "id": "154780",
        "ident": null
      },
      {
        "date": "2019-11-01T17:09:58",
        "db": "PACKETSTORM",
        "id": "155064",
        "ident": null
      },
      {
        "date": "2019-11-01T17:08:23",
        "db": "PACKETSTORM",
        "id": "155062",
        "ident": null
      },
      {
        "date": "2019-10-08T19:59:26",
        "db": "PACKETSTORM",
        "id": "154768",
        "ident": null
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-392",
        "ident": null
      },
      {
        "date": "2019-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012754",
        "ident": null
      },
      {
        "date": "2019-12-18T18:15:38.443000",
        "db": "NVD",
        "id": "CVE-2019-8745",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-10-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-863",
        "ident": null
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160180",
        "ident": null
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-392",
        "ident": null
      },
      {
        "date": "2020-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012754",
        "ident": null
      },
      {
        "date": "2024-11-21T04:50:23.967000",
        "db": "NVD",
        "id": "CVE-2019-8745",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-392"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012754"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution, xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155061"
      },
      {
        "db": "PACKETSTORM",
        "id": "154771"
      },
      {
        "db": "PACKETSTORM",
        "id": "154769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154780"
      },
      {
        "db": "PACKETSTORM",
        "id": "155064"
      },
      {
        "db": "PACKETSTORM",
        "id": "155062"
      }
    ],
    "trust": 0.6
  }
}

VAR-202203-0099

Vulnerability from variot - Updated: 2026-04-10 23:08

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ap_escape_html2 function. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257.

AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher

AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o

apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721

AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher

Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher

Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778

libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308

OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778

PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)

Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics

Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher

Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher

TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher

Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher

Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher

Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval

zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530

zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy

zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.

Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.

FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.

Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.

WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.

Wi-Fi We would like to acknowledge Dana Morrison for their assistance.

macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: httpd24-httpd security and bug fix update Advisory ID: RHSA-2022:6753-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753 Issue date: 2022-09-29 CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 =====================================================================

Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Security Fix(es):

httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

Additional changes:

To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.

LimitRequestBody 2147483648

Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20

                                       https://security.gentoo.org/

Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20

Synopsis

Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTPD users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-20

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5

Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.6"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.52"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "_id": null,
        "model": "actsecure \u30dd\u30fc\u30bf\u30eb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "_id": null,
        "model": "witchymail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "_id": null,
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "_id": null,
        "model": "spoolserver/reportfiling",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "_id": null,
        "model": "http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      },
      {
        "_id": null,
        "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "_id": null,
        "model": "httpd server 2.x",
        "scope": null,
        "trust": 0.7,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-22721",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-22721",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-22721",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-411397",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22721",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22721",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-22721",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22721",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22721",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-22721",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-1299",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411397",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ap_escape_html2 function. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-2 macOS Monterey 12.4\n\nmacOS Monterey 12.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213257. \n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26772: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-26741: ABC Research s.r.o\nCVE-2022-26742: ABC Research s.r.o\nCVE-2022-26749: ABC Research s.r.o\nCVE-2022-26750: ABC Research s.r.o\nCVE-2022-26752: ABC Research s.r.o\nCVE-2022-26753: ABC Research s.r.o\nCVE-2022-26754: ABC Research s.r.o\n\napache\nAvailable for: macOS Monterey\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAVEVideoEncoder\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nContacts\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCVMS\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Photo location information may persist after it is removed\nwith Preview Inspector\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIOKit\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved code execution in macOS\nRecovery may be able to escalate to kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPreview\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nPrinting\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSafari Private Browsing\nAvailable for: macOS Monterey\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: macOS Monterey\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue existed in the handling of symlinks\nand was addressed with improved validation of symlinks. \nCVE-2022-26704: an anonymous researcher\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nCalendar\nWe would like to acknowledge Eugene Lim of Government Technology\nAgency of Singapore for their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFileVault\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH\nfor their assistance. \n\nLogin Window\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge Mohammad Tausif Siddiqui\n(@toshsiddiqui), an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge Dana Morrison for their assistance. \n\nmacOS Monterey 12.4 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg\nEjpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI\nDyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma\nmH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+\nrQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc\n402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV\nJ23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa\n5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ\nopD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs\nZ5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f\nLHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=\n=jaCZ\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: httpd24-httpd security and bug fix update\nAdvisory ID:       RHSA-2022:6753-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6753\nIssue date:        2022-09-29\nCVE Names:         CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 \n                   CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 \n                   CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 \n                   CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 \n                   CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. =========================================================================\nUbuntu Security Notice USN-5333-2\nMarch 17, 2022\n\napache2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chamal De Silva discovered that the Apache HTTP Server mod_lua module\n incorrectly handled certain crafted request bodies. A remote attacker could\n possibly use this issue to cause the server to crash, resulting in a denial\n of service. (CVE-2022-22719)\n\n James Kettle discovered that the Apache HTTP Server incorrectly closed\n inbound connection when certain errors are encountered. A remote attacker\n could possibly use this issue to perform an HTTP Request Smuggling attack. \n (CVE-2022-22720)\n\n It was discovered that the Apache HTTP Server incorrectly handled large\n LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)\n\n Ronald Crane discovered that the Apache HTTP Server mod_sed module\n incorrectly handled memory. (CVE-2022-23943)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  apache2                         2.4.18-2ubuntu3.17+esm5\n  apache2-bin                     2.4.18-2ubuntu3.17+esm5\n\nUbuntu 14.04 ESM:\n  apache2                         2.4.7-1ubuntu4.22+esm4\n  apache2-bin                     2.4.7-1ubuntu4.22+esm4\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      },
      {
        "db": "PACKETSTORM",
        "id": "167186"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      }
    ],
    "trust": 2.97
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411397",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22721",
        "trust": 4.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/03/14/2",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "166355",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166365",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169770",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168565",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168072",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99602154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16119",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-876",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167189",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170166",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169845",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051703",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022050324",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071320",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031416",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032127",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041954",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031504",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060706",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031727",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071970",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1076",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1234",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1158",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2411",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167186",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-41638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167188",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170165",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      },
      {
        "db": "PACKETSTORM",
        "id": "167186"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      }
    ]
  },
  "id": "VAR-202203-0099",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:08:16.907000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "hitachi-sec-2023-217",
        "trust": 1.5,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "title": "Apache HTTP Server Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186377"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      },
      {
        "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2"
      },
      {
        "trust": 1.8,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202208-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213255"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213256"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213257"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/38"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/35"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/may/33"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-22721"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99602154/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1158"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1234"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1076"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031727"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071320"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22721/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169845/red-hat-security-advisory-2022-8067-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031416"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032127"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071970"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-http-server-integer-overflow-via-large-limitxmlrequestbody-37794"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213256"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169770/red-hat-security-advisory-2022-7647-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031504"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022050324"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-28614"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-28615"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-31813"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30522"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-26377"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30556"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-29404"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5333-1"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26708"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213257."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/6975397"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6753"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33193"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7647"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5333-2"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397"
      },
      {
        "db": "PACKETSTORM",
        "id": "167186"
      },
      {
        "db": "PACKETSTORM",
        "id": "168565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169770"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-876",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-411397",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167186",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168565",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169770",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168072",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170165",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166355",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166365",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22721",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-06-29T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-876",
        "ident": null
      },
      {
        "date": "2022-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411397",
        "ident": null
      },
      {
        "date": "2022-05-17T16:58:15",
        "db": "PACKETSTORM",
        "id": "167186",
        "ident": null
      },
      {
        "date": "2022-09-30T14:51:18",
        "db": "PACKETSTORM",
        "id": "168565",
        "ident": null
      },
      {
        "date": "2022-11-08T13:48:57",
        "db": "PACKETSTORM",
        "id": "169770",
        "ident": null
      },
      {
        "date": "2022-08-15T16:02:48",
        "db": "PACKETSTORM",
        "id": "168072",
        "ident": null
      },
      {
        "date": "2022-12-08T21:28:21",
        "db": "PACKETSTORM",
        "id": "170165",
        "ident": null
      },
      {
        "date": "2022-03-17T15:54:28",
        "db": "PACKETSTORM",
        "id": "166355",
        "ident": null
      },
      {
        "date": "2022-03-18T15:34:37",
        "db": "PACKETSTORM",
        "id": "166365",
        "ident": null
      },
      {
        "date": "2022-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1299",
        "ident": null
      },
      {
        "date": "2022-03-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001480",
        "ident": null
      },
      {
        "date": "2022-03-14T11:15:09.133000",
        "db": "NVD",
        "id": "CVE-2022-22721",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-06-29T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-876",
        "ident": null
      },
      {
        "date": "2022-11-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411397",
        "ident": null
      },
      {
        "date": "2022-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-1299",
        "ident": null
      },
      {
        "date": "2023-12-12T07:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001480",
        "ident": null
      },
      {
        "date": "2024-11-21T06:47:19.193000",
        "db": "NVD",
        "id": "CVE-2022-22721",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "PACKETSTORM",
        "id": "166355"
      },
      {
        "db": "PACKETSTORM",
        "id": "166365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Apache\u00a0HTTP\u00a0Server\u00a0 Integer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001480"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-1299"
      }
    ],
    "trust": 0.6
  }
}

VAR-201710-1409

Vulnerability from variot - Updated: 2026-04-10 23:07

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple arbitrary-code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products.

Installation note:

Safari 11 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0008

Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142.

Several vulnerabilities were discovered in WebKitGTK+. Credit to Apple. Description: A memory corruption issue was addressed through improved input validation. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html

The WebKitGTK+ team, October 18, 2017

. ========================================================================== Ubuntu Security Notice USN-3460-1 October 23, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.04
Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description: - webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2

Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References: https://www.ubuntu.com/usn/usn-3460-1 CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120

Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11

iOS 11 addresses the following:

Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to access restricted files Description: A privacy issue existed in the handling of Contact cards. CVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Elvis (@elvisimprsntr), an anonymous researcher Entry added September 25, 2017

CFNetwork Proxies Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc. Entry added September 25, 2017

CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro Entry added September 25, 2017

Exchange ActiveSync Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to erase a device during Exchange account setup Description: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is now supported. CVE-2017-7088: Ilya Nesterov, Maxim Goncharov

Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to impersonate a service Description: A validation issue existed in the handling of the KDC- REP service name. CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams Entry added September 25, 2017

iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7072: JAdrzej Krysztofiak Entry added September 25, 2017

Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity Entry added September 25, 2017

Keyboard Suggestions Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Keyboard autocorrect suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. CVE-2017-7140: an anonymous researcher Entry added September 25, 2017

libc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google Entry added September 25, 2017

libc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373 Entry added September 25, 2017

libexpat Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233 Entry added September 25, 2017

Location Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read sensitive location information Description: A permissions issue existed in the handling of the location variable. This was addressed with additional ownership checks. CVE-2017-7148: an anonymous researcher, an anonymous researcher Entry added September 25, 2017

Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. CVE-2017-7078: an anonymous researcher, an anonymous researcher, an anonymous researcher Entry added September 25, 2017

Mail MessageUI Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A memory corruption issue was addressed with improved validation. CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital

Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A denial of service issue was addressed through improved validation. CVE-2017-7118: Kiki Jiang and Jason Tokoph

MobileBackup Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups Description: A permissions issue existed. CVE-2017-7133: Don Sparks of HackediOS.com

Phone Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A screenshot of secure content may be taken when locking an iOS device Description: A timing issue existed in the handling of locking. CVE-2017-7139: an anonymous researcher Entry added September 25, 2017

Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. CVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune Entry added September 25, 2017

Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious app may be able to track users between installs Description: A permission checking issue existed in the handling of an app's Keychain data. CVE-2017-7146: an anonymous researcher Entry added September 25, 2017

SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz Entry added September 25, 2017

SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher Entry added September 25, 2017

Time Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: "Setting Time Zone" may incorrectly indicate that it is using location Description: A permissions issue existed in the process that handles time zone information. The issue was resolved by modifying permissions. CVE-2017-7145: an anonymous researcher Entry added September 25, 2017

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7081: Apple Entry added September 25, 2017

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies belonging to one origin may be sent to another origin Description: A permissions issue existed in the handling of web browser cookies. CVE-2017-7090: Apple Entry added September 25, 2017

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7109: avlidienbrunn Entry added September 25, 2017

WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. CVE-2017-7144: an anonymous researcher Entry added September 25, 2017

Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-11120: Gal Beniamini of Google Project Zero CVE-2017-11121: Gal Beniamini of Google Project Zero Entry added September 25, 2017

Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7103: Gal Beniamini of Google Project Zero CVE-2017-7105: Gal Beniamini of Google Project Zero CVE-2017-7108: Gal Beniamini of Google Project Zero CVE-2017-7110: Gal Beniamini of Google Project Zero CVE-2017-7112: Gal Beniamini of Google Project Zero

Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7116: Gal Beniamini of Google Project Zero

zlib Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Entry added September 25, 2017

Additional recognition

Security We would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.

Webkit We would like to acknowledge xisigr of Tencent's Xuanwu Lab (tencent.com) for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGvBgQAJIF/+cKGy/7YWEugFrwr8A3 rNzHU/yZ3X976fmlYM8l+VUJEn2khu5huPsQzYUvEdbHOWkUGThKil+NzDr3YP6V YYRIi+6i9KJEATGQAdR9YW6bcqJCu7S2xxNBnXtOxR/1TzO4LvVQsWJo0c5z91dD Aid3uYhx1SPwcaF5O5CfRQcp1JSLOWKZOaxO+u+DmtYIM746jrz3FOrfEN8mQp0q CwUSE/Vum7ImOsNUO308QnGmL7s/FGkp86/JtNTbAxJ47Rhqu5lcXj3q1ntrlLdX VFC+K7mNdwNtc1vqB03W5gamyD1qVcTvvwJ3D9cpQAySTDyRFF9cGw+TrzaDl48B 8iiY7D/KkhHuY4jskCF6xyjzloK9RfgKg2FzEBndoESt7bEw4eufF9wnrfV/M1xw 6U4DSjZxgqUwV7YqMX/VnpcEuxg5q9emCQmBfudnVIPKuOITg8x1oyE1e036MDo5 zon/cRIxqaSt8K6rI7TafxQIwpM541N89O/VZbcVey5JFIu1kew4G/gMivMOyroE +xqxLmeGgD10LMZOgoRsNBiKDy8JLJa2lO2dVTZMV4bdtCngeDikDNLqYUcW8lfa 5ZsQBceoCI6abj4PV35N7dHVATFudhrZmhY0epHt13xmRHUFTywOktu/TkOZM8HR eU2TBtOsDF6N5SFunvAC =s5yy -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.9.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.0   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (ipad air or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (iphone 5s or later )"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (ipod touch first  6 generation )"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7   (windows 7 or later )"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (macos high sierra 10.13)"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (macos sierra 10.12.6)"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (os x el capitan 10.11.6)"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11   (apple tv first  4 generation )"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "6.9.1"
      },
      {
        "_id": null,
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:icloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144368"
      },
      {
        "db": "PACKETSTORM",
        "id": "144369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144373"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2017-7096",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-7096",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-115299",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7096",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7096",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7096",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-1084",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115299",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple arbitrary-code execution vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. \n\nInstallation note:\n\nSafari 11 may be obtained from the Mac App Store. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory                               WSA-2017-0008\n------------------------------------------------------------------------\n\nDate reported      : October 18, 2017\nAdvisory ID        : WSA-2017-0008\nAdvisory URL       : https://webkitgtk.org/security/WSA-2017-0008.html\nCVE identifiers    : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,\n                     CVE-2017-7090, CVE-2017-7091, CVE-2017-7092,\n                     CVE-2017-7093, CVE-2017-7094, CVE-2017-7095,\n                     CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,\n                     CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,\n                     CVE-2017-7107, CVE-2017-7109, CVE-2017-7111,\n                     CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n    Credit to Apple. Description: A memory corruption issue was\n    addressed through improved input validation. \n    Credit to Apple. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. \n    Impact: Processing maliciously crafted web content may lead to\n    universal cross site scripting. Description: A logic issue existed\n    in the handling of the parent-tab. This issue was addressed with\n    improved state management. \n    Credit to Apple. \n    Impact: Cookies belonging to one origin may be sent to another\n    origin. Description: A permissions issue existed in the handling of\n    web browser cookies. This issue was addressed by no longer returning\n    cookies for custom URL schemes. \n    Credit to Wei Yuan of Baidu Security Lab working with Trend Microas\n    Zero Day Initiative. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel\n    Gro and Niklas Baumstark working with Trend Micro\u0027s Zero Day\n    Initiative. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Samuel Gro and Niklas Baumstark working with Trend Microas\n    Zero Day Initiative. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n    Technological University working with Trend Microas Zero Day\n    Initiative. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Apple. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n    Technological University. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n    Technological University. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to avlidienbrunn. \n    Impact: Processing maliciously crafted web content may lead to a\n    cross site scripting attack. Description: Application Cache policy\n    may be unexpectedly applied. \n    Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working\n    with Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption\n    issues were addressed with improved memory handling. \n    Credit to an anonymous researcher. \n    Impact: Website data may persist after a Safari Private browsing\n    session. Description: An information leakage issue existed in the\n    handling of website data in Safari Private windows. This issue was\n    addressed with improved data handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nOctober 18, 2017\n\n. ==========================================================================\nUbuntu Security Notice USN-3460-1\nOctober 23, 2017\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n  libjavascriptcoregtk-4.0-18     2.18.0-0ubuntu0.17.04.2\n  libwebkit2gtk-4.0-37            2.18.0-0ubuntu0.17.04.2\n\nUbuntu 16.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.18.0-0ubuntu0.16.04.2\n  libwebkit2gtk-4.0-37            2.18.0-0ubuntu0.16.04.2\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n  https://www.ubuntu.com/usn/usn-3460-1\n  CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,\n  CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096,\n  CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,\n  CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,\n  CVE-2017-7120\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2\n  https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-09-25-4\nAdditional information for APPLE-SA-2017-09-19-1 iOS 11\n\niOS 11 addresses the following:\n\nBluetooth\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to access restricted files\nDescription: A privacy issue existed in the handling of Contact\ncards. \nCVE-2017-7131: Dominik Conrads of Federal Office for Information\nSecurity, an anonymous researcher, Elvis (@elvisimprsntr), an\nanonymous researcher\nEntry added September 25, 2017\n\nCFNetwork Proxies\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7083: Abhinav Bansal of Zscaler Inc. \nEntry added September 25, 2017\n\nCoreAudio\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed by updating to Opus\nversion 1.1.4. \nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend\nMicro\nEntry added September 25, 2017\n\nExchange ActiveSync\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nerase a device during Exchange account setup\nDescription: A validation issue existed in AutoDiscover V1. This was\naddressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is\nnow supported. \nCVE-2017-7088: Ilya Nesterov, Maxim Goncharov\n\nHeimdal\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nimpersonate a service\nDescription: A validation issue existed in the handling of the KDC-\nREP service name. \nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\nEntry added September 25, 2017\n\niBooks\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7072: JAdrzej Krysztofiak\nEntry added September 25, 2017\n\nKernel\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\nEntry added September 25, 2017\n\nKeyboard Suggestions\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Keyboard autocorrect suggestions may reveal sensitive\ninformation\nDescription: The iOS keyboard was inadvertently caching sensitive\ninformation. \nCVE-2017-7140: an anonymous researcher\nEntry added September 25, 2017\n\nlibc\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: A remote attacker may be able to cause a denial-of-service\nDescription: A resource exhaustion issue in glob() was addressed\nthrough an improved algorithm. \nCVE-2017-7086: Russ Cox of Google\nEntry added September 25, 2017\n\nlibc\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-1000373\nEntry added September 25, 2017\n\nlibexpat\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Multiple issues in expat\nDescription: Multiple issues were addressed by updating to version\n2.2.1\nCVE-2016-9063\nCVE-2017-9233\nEntry added September 25, 2017\n\nLocation Framework\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to read sensitive location\ninformation\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed with additional ownership\nchecks. \nCVE-2017-7148: an anonymous researcher, an anonymous researcher\nEntry added September 25, 2017\n\nMail Drafts\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker with a privileged network position may be able to\nintercept mail contents\nDescription: An encryption issue existed in the handling of mail\ndrafts. \nCVE-2017-7078: an anonymous researcher, an anonymous researcher, an\nanonymous researcher\nEntry added September 25, 2017\n\nMail MessageUI\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital\n\nMessages\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A denial of service issue was addressed through improved\nvalidation. \nCVE-2017-7118: Kiki Jiang and Jason Tokoph\n\nMobileBackup\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Backup may perform an unencrypted backup despite a\nrequirement to perform only encrypted backups\nDescription: A permissions issue existed. \nCVE-2017-7133: Don Sparks of HackediOS.com\n\nPhone\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: A screenshot of secure content may be taken when locking an\niOS device\nDescription: A timing issue existed in the handling of locking. \nCVE-2017-7139: an anonymous researcher\nEntry added September 25, 2017\n\nSafari\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7085: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nSecurity\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: A revoked certificate may be trusted\nDescription: A certificate validation issue existed in the handling\nof revocation data. \nCVE-2017-7080: an anonymous researcher, an anonymous researcher,\nSven Driemecker of adesso mobile solutions gmbh,\nRune Darrud (@theflyingcorpse) of BA|rum kommune\nEntry added September 25, 2017\n\nSecurity\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: A malicious app may be able to track users between installs\nDescription: A permission checking issue existed in the handling of\nan app\u0027s Keychain data. \nCVE-2017-7146: an anonymous researcher\nEntry added September 25, 2017\n\nSQLite\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating to\nversion 3.19.3. \nCVE-2017-10989: found by OSS-Fuzz\nCVE-2017-7128: found by OSS-Fuzz\nCVE-2017-7129: found by OSS-Fuzz\nCVE-2017-7130: found by OSS-Fuzz\nEntry added September 25, 2017\n\nSQLite\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7127: an anonymous researcher\nEntry added September 25, 2017\n\nTime\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: \"Setting Time Zone\" may incorrectly indicate that it is using\nlocation\nDescription: A permissions issue existed in the process that handles\ntime zone information. The issue was resolved by modifying\npermissions. \nCVE-2017-7145: an anonymous researcher\nEntry added September 25, 2017\n\nWebKit\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7081: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify\nEntry added September 25, 2017\n\nWebKit\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Cookies belonging to one origin may be sent to another origin\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. \nCVE-2017-7090: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7109: avlidienbrunn\nEntry added September 25, 2017\n\nWebKit\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. \nCVE-2017-7144: an anonymous researcher\nEntry added September 25, 2017\n\nWi-Fi\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-11120: Gal Beniamini of Google Project Zero\nCVE-2017-11121: Gal Beniamini of Google Project Zero\nEntry added September 25, 2017\n\nWi-Fi\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7103: Gal Beniamini of Google Project Zero\nCVE-2017-7105: Gal Beniamini of Google Project Zero\nCVE-2017-7108: Gal Beniamini of Google Project Zero\nCVE-2017-7110: Gal Beniamini of Google Project Zero\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: Multiple race conditions were addressed through improved\nvalidation. \nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nread restricted kernel memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\nzlib\nAvailable for:  iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Multiple issues in zlib\nDescription: Multiple issues were addressed by updating to version\n1.2.11. \nCVE-2016-9840\nCVE-2016-9841\nCVE-2016-9842\nCVE-2016-9843\nEntry added September 25, 2017\n\nAdditional recognition\n\nSecurity\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. \nfor their assistance. \n\nWebkit\nWe would like to acknowledge xisigr of Tencent\u0027s Xuanwu Lab\n(tencent.com) for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGvBgQAJIF/+cKGy/7YWEugFrwr8A3\nrNzHU/yZ3X976fmlYM8l+VUJEn2khu5huPsQzYUvEdbHOWkUGThKil+NzDr3YP6V\nYYRIi+6i9KJEATGQAdR9YW6bcqJCu7S2xxNBnXtOxR/1TzO4LvVQsWJo0c5z91dD\nAid3uYhx1SPwcaF5O5CfRQcp1JSLOWKZOaxO+u+DmtYIM746jrz3FOrfEN8mQp0q\nCwUSE/Vum7ImOsNUO308QnGmL7s/FGkp86/JtNTbAxJ47Rhqu5lcXj3q1ntrlLdX\nVFC+K7mNdwNtc1vqB03W5gamyD1qVcTvvwJ3D9cpQAySTDyRFF9cGw+TrzaDl48B\n8iiY7D/KkhHuY4jskCF6xyjzloK9RfgKg2FzEBndoESt7bEw4eufF9wnrfV/M1xw\n6U4DSjZxgqUwV7YqMX/VnpcEuxg5q9emCQmBfudnVIPKuOITg8x1oyE1e036MDo5\nzon/cRIxqaSt8K6rI7TafxQIwpM541N89O/VZbcVey5JFIu1kew4G/gMivMOyroE\n+xqxLmeGgD10LMZOgoRsNBiKDy8JLJa2lO2dVTZMV4bdtCngeDikDNLqYUcW8lfa\n5ZsQBceoCI6abj4PV35N7dHVATFudhrZmhY0epHt13xmRHUFTywOktu/TkOZM8HR\neU2TBtOsDF6N5SFunvAC\n=s5yy\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "BID",
        "id": "101006"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      },
      {
        "db": "PACKETSTORM",
        "id": "144371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144368"
      },
      {
        "db": "PACKETSTORM",
        "id": "144667"
      },
      {
        "db": "PACKETSTORM",
        "id": "144707"
      },
      {
        "db": "PACKETSTORM",
        "id": "144369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144373"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7096",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "101006",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039428",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1039384",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU99806334",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-115299",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144371",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144368",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144667",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144707",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144369",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144373",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      },
      {
        "db": "BID",
        "id": "101006"
      },
      {
        "db": "PACKETSTORM",
        "id": "144371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144368"
      },
      {
        "db": "PACKETSTORM",
        "id": "144667"
      },
      {
        "db": "PACKETSTORM",
        "id": "144707"
      },
      {
        "db": "PACKETSTORM",
        "id": "144369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      }
    ]
  },
  "id": "VAR-201710-1409",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:07:40.610000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "HT208116",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208116"
      },
      {
        "title": "HT208141",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208141"
      },
      {
        "title": "HT208142",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208142"
      },
      {
        "title": "HT208112",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208112"
      },
      {
        "title": "HT208113",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208113"
      },
      {
        "title": "HT208112",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208112"
      },
      {
        "title": "HT208113",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208113"
      },
      {
        "title": "HT208116",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208116"
      },
      {
        "title": "HT208141",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208141"
      },
      {
        "title": "HT208142",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208142"
      },
      {
        "title": "Multiple Apple product WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75943"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101006"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208112"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208113"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208116"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208141"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208142"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039384"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039428"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7096"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7096"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99806334/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7091"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7093"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7090"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7087"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7092"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7095"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7104"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7094"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7098"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7081"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7100"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7102"
      },
      {
        "trust": 0.4,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.4,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7099"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7120"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7111"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7107"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7089"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7109"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7117"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.webkit.org/"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00010.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00009.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00012.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00007.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10989"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7080"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0381"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11120"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000373"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7083"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11121"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9841"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7086"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7144"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7106"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2017-0008.html"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3460-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7088"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115299"
      },
      {
        "db": "BID",
        "id": "101006"
      },
      {
        "db": "PACKETSTORM",
        "id": "144371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144368"
      },
      {
        "db": "PACKETSTORM",
        "id": "144667"
      },
      {
        "db": "PACKETSTORM",
        "id": "144707"
      },
      {
        "db": "PACKETSTORM",
        "id": "144369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115299",
        "ident": null
      },
      {
        "db": "BID",
        "id": "101006",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144371",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144368",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144667",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144707",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144369",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "144373",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7096",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115299",
        "ident": null
      },
      {
        "date": "2017-09-25T00:00:00",
        "db": "BID",
        "id": "101006",
        "ident": null
      },
      {
        "date": "2017-09-28T00:23:30",
        "db": "PACKETSTORM",
        "id": "144371",
        "ident": null
      },
      {
        "date": "2017-09-28T00:17:26",
        "db": "PACKETSTORM",
        "id": "144368",
        "ident": null
      },
      {
        "date": "2017-10-18T23:02:22",
        "db": "PACKETSTORM",
        "id": "144667",
        "ident": null
      },
      {
        "date": "2017-10-23T20:20:00",
        "db": "PACKETSTORM",
        "id": "144707",
        "ident": null
      },
      {
        "date": "2017-09-28T00:19:32",
        "db": "PACKETSTORM",
        "id": "144369",
        "ident": null
      },
      {
        "date": "2017-09-28T00:27:27",
        "db": "PACKETSTORM",
        "id": "144373",
        "ident": null
      },
      {
        "date": "2017-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1084",
        "ident": null
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009346",
        "ident": null
      },
      {
        "date": "2017-10-23T01:29:12.283000",
        "db": "NVD",
        "id": "CVE-2017-7096",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115299",
        "ident": null
      },
      {
        "date": "2017-09-25T00:00:00",
        "db": "BID",
        "id": "101006",
        "ident": null
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1084",
        "ident": null
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009346",
        "ident": null
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7096",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "plural  Apple Used in products  WebKit Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009346"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1084"
      }
    ],
    "trust": 0.6
  }
}

VAR-202110-1620

Vulnerability from variot - Updated: 2026-04-10 23:05

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

iOS 15 and iPadOS 15 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212814.

Accessory Manager Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)

AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir

Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30838: proteas wang

CoreML Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day Initiative

Face ID Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation) Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID Description: This issue was addressed by improving Face ID anti- spoofing models. CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab

FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab

libexpat Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher

Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30819: Apple

Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Siri Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to view contacts from the lock screen Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-30815: an anonymous researcher

Telephony Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad Air 2, iPad (5th generation), and iPad mini 4 Impact: In certain situations, the baseband would fail to enable integrity and ciphering protection Description: A logic issue was addressed with improved state management. CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST SysSec Lab

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher

Additional recognition

Assets We would like to acknowledge Cees Elzinga for their assistance.

Bluetooth We would like to acknowledge an anonymous researcher for their assistance.

File System We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their assistance.

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

UIKit We would like to acknowledge an anonymous researcher for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "15.0"

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI88sACgkQeC9qKD1p rhjVNxAAx5mEiw7NE47t6rO8Y93xPrNSk+7xcqPeBHUCg+rLmqxtOhITRVUw0QLH sBIwSVK1RxxRjasBfgwbh1jyMYg6EzfKNQOeZGnjLA4WRmIj728aGehJ56Z/ggpJ awJNPvfzyoSdFgdwntj2FDih/d4oJmMwIyhNvqGrSwuybq9sznxJsTbpRbKWFhiz y/phwVywo0A//XBiup3hrscl5SmxO44WBDlL+MAv4FnRPk7IGbBCfO8HnhO/9j1n uSNoKtnJt2f6/06E0wMLStBSESKPSmKSz65AtR6h1oNytEuJtyHME8zOtz/Z9hlJ fo5f6tN6uCgYgYs7dyonWk5qiL7cue3ow58dPjZuNmqxFeu5bCc/1G47LDcdwoAg o0aU22MEs4wKdBWrtFI40BQ5LEmFrh3NM82GwFYDBz92x7B9SpXMau6F82pCvvyG wNbRL5PzHUMa1/LfVcoOyWk0gZBeD8/GFzNmwBeZmBMlpoPRo5bkyjUn8/ABG+Ie 665EHgGYs5BIV20Gviax0g4bjGHqEndfxdjyDHzJ87d65iA5uYdOiw61WpHq9kwH hK4e6BF0CahTrpz6UGVuOA/VMMDv3ZqhW+a95KBzDa7dHVnokpV+WiMJcmoEJ5gI 5ovpqig9qjf7zMv3+3Mlij0anQ24w7+MjEBk7WDG+2al83GCMAE= =nkJd -----END PGP SIGNATURE-----

. CVE-2021-30837: an anonymous researcher

bootp Available for: Apple TV 4K and Apple TV HD Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30850: an anonymous researcher

Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021

WebKit Available for: Apple TV 4K and Apple TV Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021

WebKit Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30851: Samuel Groß of Google Project Zero

Installation note:

This update may be obtained from the Mac App Store. Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30846: Sergei Glazunov of Google Project Zero Entry added September 20, 2021

Additional recognition

CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance.

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.8"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.12"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.8"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164688"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164241"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-30849",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-30849",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-390582",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-30849",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30849",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30849",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30849",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-1268",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390582",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15\n\niOS 15 and iPadOS 15 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212814. \n\nAccessory Manager\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2021-30837: Siddharth Aeri (@b1n4r1b01)\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to read sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30811: an anonymous researcher working with Compartir\n\nApple Neural Engine\nAvailable for devices with Apple Neural Engine: iPhone 8 and later,\niPad Pro (3rd generation) and later, iPad Air (3rd generation) and\nlater, and iPad mini (5th generation) \nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges on devices with an Apple Neural Engine\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30838: proteas wang\n\nCoreML\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30825: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nFace ID\nAvailable for devices with Face ID: iPhone X, iPhone XR, iPhone XS\n(all models), iPhone 11 (all models), iPhone 12 (all models), iPad\nPro (11-inch), and iPad Pro (3rd generation)\nImpact: A 3D model constructed to look like the enrolled user may be\nable to authenticate via Face ID\nDescription: This issue was addressed by improving Face ID anti-\nspoofing models. \nCVE-2021-30863: Wish Wu (\u5434\u6f4d\u6d60 @wish_wu) of Ant-financial Light-Year\nSecurity Lab\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\n\nlibexpat\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30819: Apple\n\nPreferences\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nPreferences\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSiri\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to view contacts from the lock\nscreen\nDescription: A lock screen issue allowed access to contacts on a\nlocked device. \nCVE-2021-30815: an anonymous researcher\n\nTelephony\nAvailable for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad\nAir 2, iPad (5th generation), and iPad mini 4\nImpact: In certain situations, the baseband would fail to enable\nintegrity and ciphering protection\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST\nSysSec Lab\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30848: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30849: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2021-30810: an anonymous researcher\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Cees Elzinga for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFile System\nWe would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their\nassistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n* Navigate to Settings\n* Select General\n* Select About\n* The version after applying this update will be \"15.0\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI88sACgkQeC9qKD1p\nrhjVNxAAx5mEiw7NE47t6rO8Y93xPrNSk+7xcqPeBHUCg+rLmqxtOhITRVUw0QLH\nsBIwSVK1RxxRjasBfgwbh1jyMYg6EzfKNQOeZGnjLA4WRmIj728aGehJ56Z/ggpJ\nawJNPvfzyoSdFgdwntj2FDih/d4oJmMwIyhNvqGrSwuybq9sznxJsTbpRbKWFhiz\ny/phwVywo0A//XBiup3hrscl5SmxO44WBDlL+MAv4FnRPk7IGbBCfO8HnhO/9j1n\nuSNoKtnJt2f6/06E0wMLStBSESKPSmKSz65AtR6h1oNytEuJtyHME8zOtz/Z9hlJ\nfo5f6tN6uCgYgYs7dyonWk5qiL7cue3ow58dPjZuNmqxFeu5bCc/1G47LDcdwoAg\no0aU22MEs4wKdBWrtFI40BQ5LEmFrh3NM82GwFYDBz92x7B9SpXMau6F82pCvvyG\nwNbRL5PzHUMa1/LfVcoOyWk0gZBeD8/GFzNmwBeZmBMlpoPRo5bkyjUn8/ABG+Ie\n665EHgGYs5BIV20Gviax0g4bjGHqEndfxdjyDHzJ87d65iA5uYdOiw61WpHq9kwH\nhK4e6BF0CahTrpz6UGVuOA/VMMDv3ZqhW+a95KBzDa7dHVnokpV+WiMJcmoEJ5gI\n5ovpqig9qjf7zMv3+3Mlij0anQ24w7+MjEBk7WDG+2al83GCMAE=\n=nkJd\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2021-30837: an anonymous researcher\n\nbootp\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2021-30850: an anonymous researcher\n\nSandbox\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved checks. \nCVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV \nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription: The issue was resolved with additional restrictions on\nCSS compositing. \nCVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker in a privileged network position may be able to\nbypass HSTS\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store. Apple is aware of a report that this issue may have\nbeen actively exploited. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\nEntry added September 20, 2021\n\nAdditional recognition\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30849"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164688"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164241"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30849",
        "trust": 4.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/27/4",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/27/2",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/26/9",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/27/1",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167037",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164692",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3159.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0382",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3578",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164256",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164518",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092024",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051140",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021110102",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164688",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164689",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-390582",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30849",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164233",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164241",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164234",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30849"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164688"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164241"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      }
    ]
  },
  "id": "VAR-202110-1620",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:05:16.002000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT212869 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT212807"
      },
      {
        "title": "Apple Safari Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163084"
      },
      {
        "title": "Apple: iOS 15 and iPadOS 15",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f34e9bd3d1b055a84fc033981719f5fb"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-30849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/62"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/63"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/60"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/61"
      },
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht212817"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212869"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212953"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212807"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212814"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212815"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212816"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212819"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021110102"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3159.2"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-30849"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164518/webkit-domwindow-open-heap-use-after-free.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212953"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092024"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164256/apple-security-advisory-2021-09-20-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30810"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30837"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30854"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30811"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212815."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212816."
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2021/sep/42"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht212814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30815"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212814."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30852"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212807."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212819."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390582"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30849"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164688"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164241"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "PACKETSTORM",
        "id": "164234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390582",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30849",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164233",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164688",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164241",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164234",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30849",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390582",
        "ident": null
      },
      {
        "date": "2021-09-22T16:22:10",
        "db": "PACKETSTORM",
        "id": "164233",
        "ident": null
      },
      {
        "date": "2021-10-28T14:58:57",
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "date": "2021-10-28T14:55:07",
        "db": "PACKETSTORM",
        "id": "164688",
        "ident": null
      },
      {
        "date": "2021-09-22T16:30:10",
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "date": "2021-09-22T16:29:53",
        "db": "PACKETSTORM",
        "id": "164241",
        "ident": null
      },
      {
        "date": "2021-09-22T16:24:22",
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "date": "2021-09-22T16:22:32",
        "db": "PACKETSTORM",
        "id": "164234",
        "ident": null
      },
      {
        "date": "2021-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-1268",
        "ident": null
      },
      {
        "date": "2022-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014010",
        "ident": null
      },
      {
        "date": "2021-10-19T14:15:09.770000",
        "db": "NVD",
        "id": "CVE-2021-30849",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390582",
        "ident": null
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-1268",
        "ident": null
      },
      {
        "date": "2022-09-30T08:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014010",
        "ident": null
      },
      {
        "date": "2021-11-23T20:20:37.047000",
        "db": "NVD",
        "id": "CVE-2021-30849",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "plural \u00a0Apple\u00a0 Out-of-bounds write vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1268"
      }
    ],
    "trust": 0.6
  }
}

VAR-202108-1249

Vulnerability from variot - Updated: 2026-04-10 23:05

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: webkit2gtk3-2.34.6-1.el8.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-12-15-6 watchOS 8.3

watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab

Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero

Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab

Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics

Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics

TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab

Additional recognition

Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.

ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.

Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.

Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.

WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----

. ========================================================================== Ubuntu Security Notice USN-5255-1 January 27, 2022

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 21.10
Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1

Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01

                                       https://security.gentoo.org/

Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4

Description

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"

References

[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202202-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "PACKETSTORM",
        "id": "165360"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2021-30934",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-30934",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-390667",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-30934",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30934",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30934",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30934",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390667",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-30934",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2022:1777-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1777\nIssue date:        2022-05-10\nCVE Names:         CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n                   CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n                   CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n                   CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n                   CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n                   CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n                   CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n                   CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n                   CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n                   CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5255-1\nJanuary 27, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n  libjavascriptcoregtk-4.0-18     2.34.4-0ubuntu0.21.10.1\n  libwebkit2gtk-4.0-37            2.34.4-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.34.4-0ubuntu0.20.04.1\n  libwebkit2gtk-4.0-37            2.34.4-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: WebkitGTK+: Multiple vulnerabilities\n     Date: February 01, 2022\n     Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n           #831739\n       ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk        \u003c 2.34.4                    \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n      https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n      https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n       https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169186"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "PACKETSTORM",
        "id": "165360"
      },
      {
        "db": "PACKETSTORM",
        "id": "169195"
      },
      {
        "db": "PACKETSTORM",
        "id": "165765"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-390667",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30934",
        "trust": 3.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/01/21/2",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165359",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165358",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167037",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165360",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165765",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390667",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169186",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165794",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169186"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "PACKETSTORM",
        "id": "165360"
      },
      {
        "db": "PACKETSTORM",
        "id": "169195"
      },
      {
        "db": "PACKETSTORM",
        "id": "165765"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      }
    ]
  },
  "id": "VAR-202108-1249",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:05:13.081000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT212980 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2022/dsa-5060"
      },
      {
        "title": "Red Hat: CVE-2021-30934",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30934"
      },
      {
        "title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
      },
      {
        "title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-2088",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-30934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
      },
      {
        "trust": 1.3,
        "url": "https://www.debian.org/security/2022/dsa-5060"
      },
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2022/dsa-5061"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht212975"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht212976"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht212978"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht212980"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/en-us/ht212982"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
      },
      {
        "trust": 0.2,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30934"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22592"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22637"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22620"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30887"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30952"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30936"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30849"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45481"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30818"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22589"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30984"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/webkit2gtk"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212980."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212975."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212982."
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/wpewebkit"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5255-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0005.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202202-01"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0004.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0006.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390667"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934"
      },
      {
        "db": "PACKETSTORM",
        "id": "167037"
      },
      {
        "db": "PACKETSTORM",
        "id": "169186"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "PACKETSTORM",
        "id": "165360"
      },
      {
        "db": "PACKETSTORM",
        "id": "169195"
      },
      {
        "db": "PACKETSTORM",
        "id": "165765"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390667",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30934",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "167037",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169186",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165358",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165359",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165360",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169195",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165765",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165794",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30934",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390667",
        "ident": null
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30934",
        "ident": null
      },
      {
        "date": "2022-05-11T15:50:41",
        "db": "PACKETSTORM",
        "id": "167037",
        "ident": null
      },
      {
        "date": "2022-01-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169186",
        "ident": null
      },
      {
        "date": "2021-12-17T19:19:55",
        "db": "PACKETSTORM",
        "id": "165358",
        "ident": null
      },
      {
        "date": "2021-12-17T19:20:06",
        "db": "PACKETSTORM",
        "id": "165359",
        "ident": null
      },
      {
        "date": "2021-12-17T19:23:27",
        "db": "PACKETSTORM",
        "id": "165360",
        "ident": null
      },
      {
        "date": "2022-01-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169195",
        "ident": null
      },
      {
        "date": "2022-01-28T14:36:27",
        "db": "PACKETSTORM",
        "id": "165765",
        "ident": null
      },
      {
        "date": "2022-02-01T17:03:05",
        "db": "PACKETSTORM",
        "id": "165794",
        "ident": null
      },
      {
        "date": "2024-07-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-021216",
        "ident": null
      },
      {
        "date": "2021-08-24T19:15:20.657000",
        "db": "NVD",
        "id": "CVE-2021-30934",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390667",
        "ident": null
      },
      {
        "date": "2022-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30934",
        "ident": null
      },
      {
        "date": "2024-07-18T08:42:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-021216",
        "ident": null
      },
      {
        "date": "2023-11-07T03:33:56.027000",
        "db": "NVD",
        "id": "CVE-2021-30934",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165765"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "apple\u0027s \u00a0Safari\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-021216"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "PACKETSTORM",
        "id": "165360"
      }
    ],
    "trust": 0.3
  }
}

VAR-202110-1512

Vulnerability from variot - Updated: 2026-04-10 23:04

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

iOS 15 and iPadOS 15 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212814.

bootp Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium) Entry added October 25, 2021

CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab Entry added October 25, 2021

FaceTime Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: The issue was addressed with improved permissions logic. CVE-2021-30816: Atharv (@atharv0x0) Entry added October 25, 2021

FaceTime Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call Description: A logic issue was addressed with improved validation. CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime Entry added October 25, 2021

FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021

FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021

Foundation Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab Entry added October 25, 2021

iCloud Photo Library Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access photo metadata without needing permission to access photos Description: The issue was addressed with improved authentication. CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30814: hjy79425575 Entry added October 25, 2021

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab

NetworkExtension Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A VPN configuration may be installed by an app without user permission Description: An authorization issue was addressed with improved state management. CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira- boccardo) Entry added October 25, 2021

Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Quick Look Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Previewing an html file attached to a note may unexpectedly contact remote servers Description: A logic issue existed in the handling of document loads. CVE-2021-30870: Saif Hamed Al Hinai Oman CERT Entry added October 25, 2021

Sandbox Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30884: an anonymous researcher Entry added October 25, 2021

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs Entry added October 25, 2021

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher

Additional recognition

Assets We would like to acknowledge Cees Elzinga for their assistance.

Bluetooth We would like to acknowledge an anonymous researcher for their assistance.

File System We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their assistance.

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

UIKit We would like to acknowledge an anonymous researcher for their assistance.

Installation note:

To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "15"

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb 41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48 Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH 5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8 k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6 HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ= =lg51 -----END PGP SIGNATURE-----

. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30860: The Citizen Lab

CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021

SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. Apple is aware of a report that this issue may have been actively exploited. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021

CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.6"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.8"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.8"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164689"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-30843",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-30843",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-390576",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-30843",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30843",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30843",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30843",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-1276",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390576",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-10-26-9 Additional information for\nAPPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15\n\niOS 15 and iPadOS 15 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212814. \n\nAccessory Manager\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2021-30837: Siddharth Aeri (@b1n4r1b01)\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to read sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30811: an anonymous researcher working with Compartir\n\nApple Neural Engine\nAvailable for devices with Apple Neural Engine: iPhone 8 and later,\niPad Pro (3rd generation) and later, iPad Air (3rd generation) and\nlater, and iPad mini (5th generation) \nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges on devices with an Apple Neural Engine\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30838: proteas wang\n\nbootp\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2021-30866: Fabien Duch\u00eane of UCLouvain (Belgium)\nEntry added October 25, 2021\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a malicious audio file may result in unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nCoreML\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30825: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nFace ID\nAvailable for devices with Face ID: iPhone X, iPhone XR, iPhone XS\n(all models), iPhone 11 (all models), iPhone 12 (all models), iPad\nPro (11-inch), and iPad Pro (3rd generation)\nImpact: A 3D model constructed to look like the enrolled user may be\nable to authenticate via Face ID\nDescription: This issue was addressed by improving Face ID anti-\nspoofing models. \nCVE-2021-30863: Wish Wu (\u5434\u6f4d\u6d60 @wish_wu) of Ant-financial Light-Year\nSecurity Lab\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30816: Atharv (@atharv0x0)\nEntry added October 25, 2021\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application with microphone permission may unexpectedly\naccess microphone input during a FaceTime call\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime\nEntry added October 25, 2021\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\n\nFoundation\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\niCloud Photo Library\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to access photo metadata\nwithout needing permission to access photos\nDescription: The issue was addressed with improved authentication. \nCVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 25, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2021-30814: hjy79425575\nEntry added October 25, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\n\nlibexpat\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30819: Apple\n\nNetworkExtension\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A VPN configuration may be installed by an app without user\npermission\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-\nboccardo)\nEntry added October 25, 2021\n\nPreferences\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nPreferences\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuick Look\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Previewing an html file attached to a note may unexpectedly\ncontact remote servers\nDescription: A logic issue existed in the handling of document loads. \nCVE-2021-30870: Saif Hamed Al Hinai Oman CERT\nEntry added October 25, 2021\n\nSandbox\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved checks. \nCVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 25, 2021\n\nSiri\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to view contacts from the lock\nscreen\nDescription: A lock screen issue allowed access to contacts on a\nlocked device. \nCVE-2021-30815: an anonymous researcher\n\nTelephony\nAvailable for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad\nAir 2, iPad (5th generation), and iPad mini 4\nImpact: In certain situations, the baseband would fail to enable\nintegrity and ciphering protection\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST\nSysSec Lab\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription: The issue was resolved with additional restrictions on\nCSS compositing. \nCVE-2021-30884: an anonymous researcher\nEntry added October 25, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research\nEntry added October 25, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs\nEntry added October 25, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30809: an anonymous researcher\nEntry added October 25, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30848: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30849: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2021-30810: an anonymous researcher\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Cees Elzinga for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFile System\nWe would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their\nassistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n* Navigate to Settings\n* Select General\n* Select About\n* The version after applying this update will be \"15\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p\nrhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb\n41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48\nKqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX\nuJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U\nloAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH\n5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv\nLczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ\nYQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8\nk0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl\nn/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6\nHO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=\n=lg51\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may have\nbeen actively exploited. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Big Sur\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. Apple is aware of a report that this issue\nmay have been actively exploited. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30843"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164689"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30843",
        "trust": 4.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164692",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092024",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3155",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3578",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164689",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390576",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30843",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164233",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30843"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164689"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      }
    ]
  },
  "id": "VAR-202110-1512",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390576"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:04:02.900000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT212815 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT212804"
      },
      {
        "title": "Apple tvOS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166480"
      },
      {
        "title": "Apple: iOS 15 and iPadOS 15",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f34e9bd3d1b055a84fc033981719f5fb"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-30843"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/62"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/63"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2021/oct/61"
      },
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht212815"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212804"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212805"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212807"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212814"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212819"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
      },
      {
        "trust": 0.7,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3155"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092024"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30810"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30837"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30854"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30815"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212814."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30838"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30825"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30826"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30819"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30808"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht212815."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30814"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht212814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30852"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30816"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212805."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212804."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212807."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30843"
      },
      {
        "db": "PACKETSTORM",
        "id": "164233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164693"
      },
      {
        "db": "PACKETSTORM",
        "id": "164689"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "164242"
      },
      {
        "db": "PACKETSTORM",
        "id": "164236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390576",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30843",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164233",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164689",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30843",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390576",
        "ident": null
      },
      {
        "date": "2021-09-22T16:22:10",
        "db": "PACKETSTORM",
        "id": "164233",
        "ident": null
      },
      {
        "date": "2021-10-28T14:58:57",
        "db": "PACKETSTORM",
        "id": "164693",
        "ident": null
      },
      {
        "date": "2021-10-28T14:55:28",
        "db": "PACKETSTORM",
        "id": "164689",
        "ident": null
      },
      {
        "date": "2021-09-22T16:35:10",
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "date": "2021-09-22T16:33:18",
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "date": "2021-09-22T16:30:10",
        "db": "PACKETSTORM",
        "id": "164242",
        "ident": null
      },
      {
        "date": "2021-09-22T16:24:22",
        "db": "PACKETSTORM",
        "id": "164236",
        "ident": null
      },
      {
        "date": "2021-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-1276",
        "ident": null
      },
      {
        "date": "2022-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014007",
        "ident": null
      },
      {
        "date": "2021-10-19T14:15:09.463000",
        "db": "NVD",
        "id": "CVE-2021-30843",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-11-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390576",
        "ident": null
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-1276",
        "ident": null
      },
      {
        "date": "2022-09-30T08:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014007",
        "ident": null
      },
      {
        "date": "2021-11-05T21:26:44.597000",
        "db": "NVD",
        "id": "CVE-2021-30843",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "plural \u00a0Apple\u00a0 Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014007"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-1276"
      }
    ],
    "trust": 0.6
  }
}

VAR-202109-1360

Vulnerability from variot - Updated: 2026-04-10 22:55

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the KeyframeEffect class. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKitGTK+ has a buffer error vulnerability, which is caused by a boundary error when processing HTML content in WebKit. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1.

The specific flaw exists within the KeyframeEffect class. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4945-1 security@debian.org https://www.debian.org/security/ Alberto Garcia July 28, 2021 https://www.debian.org/security/faq

Package : webkit2gtk CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799

The following vulnerabilities have been discovered in the webkit2gtk web engine:

CVE-2021-21775

Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.

CVE-2021-21779

Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.

CVE-2021-30720

David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.

For the stable distribution (buster), these problems have been fixed in version 2.32.3-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:

An update for GNOME is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

GNOME is the default desktop environment of Red Hat Enterprise Linux.

The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm

aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm

noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm

ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm

s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm

x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm

aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm

ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm

s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm

x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm

ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm

s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm

x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:

Security Fix(es):

mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"

Installation note:

This update may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-05-25-7 tvOS 14.6

tvOS 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212532.

Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative

Audio Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro

Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga

CVMS Available for: Apple TV 4K and Apple TV HD Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)

Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security

Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de)

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher

Kernel Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero

LaunchServices Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)

Security Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-21779: Marcin Towalski of Cisco Talos

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30663: an anonymous researcher

Additional recognition

ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.

WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6 jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p 3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq 7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0 rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8 oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0= =BeQR -----END PGP SIGNATURE-----

. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01

                                       https://security.gentoo.org/

Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4

Description

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202202-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.1.1"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "webkit",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "mipu94 of SEFCOM lab, ASU.",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-30749",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-30749",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-390482",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-30749",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30749",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-30749",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-30749",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-30749",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-30749",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1574",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390482",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the KeyframeEffect class. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKitGTK+ has a buffer error vulnerability, which is caused by a boundary error when processing HTML content in WebKit. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1. \n\nThe specific flaw exists within the KeyframeEffect class. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4945-1                   security@debian.org\nhttps://www.debian.org/security/                           Alberto Garcia\nJuly 28, 2021                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : webkit2gtk\nCVE ID         : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665\n                 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n                 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797\n                 CVE-2021-30799\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2021-21775\n\n    Marcin Towalski discovered that a specially crafted web page can\n    lead to a potential information leak and further memory\n    corruption. In order to trigger the vulnerability, a victim must\n    be tricked into visiting a malicious webpage. \n\nCVE-2021-21779\n\n    Marcin Towalski discovered that a specially crafted web page can\n    lead to a potential information leak and further memory\n    corruption. In order to trigger the vulnerability, a victim must\n    be tricked into visiting a malicious webpage. \n\nCVE-2021-30720\n\n    David Schutz discovered that a malicious website may be able to\n    access restricted ports on arbitrary servers. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.32.3-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:4381-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:4381\nIssue date:        2021-11-09\nCVE Names:         CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n                   CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n                   CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n                   CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n                   CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n                   CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n                   CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n                   CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n                   CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n                   CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to  include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-05-25-7 tvOS 14.6\n\ntvOS 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212532. \n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30707: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30686: Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30727: Cees Elzinga\n\nCVMS\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local attacker may be able to elevate  their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30710: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30740: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2021-30736: Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue in the ASN.1 decoder was\naddressed by removing the vulnerable code. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2021-30665: yangkang (@dnpushme)\u0026zerokeeper\u0026bianliang of 360 ATA\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A cross-origin issue with iframe elements was addressed\nwith improved tracking of security origins. \nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30682: an anonymous researcher and 1lastBr3ath\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,\nASU. working with Trend Micro Zero Day Initiative\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A logic issue was addressed with improved restrictions. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30663: an anonymous researcher\n\nAdditional recognition\n\nImageIO\nWe would like to acknowledge Jzhu working with Trend Micro Zero Day\nInitiative and an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge Chris Salls (@salls) of Makai Security\nfor their assistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6\njjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p\n3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x\nd1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq\n7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf\nReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD\nmIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0\nrpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO\nZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8\noXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI\nsulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM\ndcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=\n=BeQR\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: WebkitGTK+: Multiple vulnerabilities\n     Date: February 01, 2022\n     Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n           #831739\n       ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk        \u003c 2.34.4                    \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n      https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n      https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n       https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n      https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n      https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749"
      },
      {
        "db": "PACKETSTORM",
        "id": "169087"
      },
      {
        "db": "PACKETSTORM",
        "id": "164872"
      },
      {
        "db": "PACKETSTORM",
        "id": "165631"
      },
      {
        "db": "PACKETSTORM",
        "id": "162824"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      }
    ],
    "trust": 3.06
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-390482",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30749",
        "trust": 4.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-761",
        "trust": 1.4
      },
      {
        "db": "PACKETSTORM",
        "id": "165794",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162824",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164872",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12579",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0245",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2787",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2622",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2563",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1794",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3779",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163696",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080506",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072919",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052508",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072711",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052506",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162827",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162825",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169087",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165631",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749"
      },
      {
        "db": "PACKETSTORM",
        "id": "169087"
      },
      {
        "db": "PACKETSTORM",
        "id": "164872"
      },
      {
        "db": "PACKETSTORM",
        "id": "165631"
      },
      {
        "db": "PACKETSTORM",
        "id": "162824"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      }
    ]
  },
  "id": "VAR-202109-1360",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:55:39.182000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT212533 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT212528"
      },
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://support.apple.com/HT212529"
      },
      {
        "title": "Apple Safari Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=152061"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-30749 log"
      },
      {
        "title": "Apple: iOS 14.6 and iPadOS 14.6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aebc753d2fbbe6784a52339b16fd5417"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht212534"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212528"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212529"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212532"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212533"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-30749"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/ht212529"
      },
      {
        "trust": 0.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-761/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080506"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072711"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3779"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2622"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2787"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163696/ubuntu-security-notice-usn-5024-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-36009"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1794"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2563"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052508"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162824/apple-security-advisory-2021-05-25-5.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052506"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072919"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165794/gentoo-linux-security-advisory-202202-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30744"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1844"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21775"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1871"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21806"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30734"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30758"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1870"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1801"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36241"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30797"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1765"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30720"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13558"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-28650"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24870"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21779"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29623"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1789"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27918"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30795"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30663"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-1788"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30665"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30689"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-30682"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30715"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30710"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30697"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30737"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30704"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30707"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30686"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30687"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30724"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30700"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30701"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2021-30749"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht212528"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/webkit2gtk"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27823"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3575"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-5727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-18032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-26927"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20847"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-5785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27828"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29338"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-26926"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212534."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212532."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212533."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0005.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202202-01"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0004.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2021-0006.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749"
      },
      {
        "db": "PACKETSTORM",
        "id": "169087"
      },
      {
        "db": "PACKETSTORM",
        "id": "164872"
      },
      {
        "db": "PACKETSTORM",
        "id": "165631"
      },
      {
        "db": "PACKETSTORM",
        "id": "162824"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "PACKETSTORM",
        "id": "165794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-761",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-390482",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30749",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169087",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164872",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165631",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162824",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162825",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162827",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165794",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30749",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-25T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-761",
        "ident": null
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390482",
        "ident": null
      },
      {
        "date": "2021-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169087",
        "ident": null
      },
      {
        "date": "2021-11-10T17:09:58",
        "db": "PACKETSTORM",
        "id": "164872",
        "ident": null
      },
      {
        "date": "2022-01-20T17:48:29",
        "db": "PACKETSTORM",
        "id": "165631",
        "ident": null
      },
      {
        "date": "2021-05-26T17:48:26",
        "db": "PACKETSTORM",
        "id": "162824",
        "ident": null
      },
      {
        "date": "2021-05-26T17:50:13",
        "db": "PACKETSTORM",
        "id": "162825",
        "ident": null
      },
      {
        "date": "2021-05-26T17:50:55",
        "db": "PACKETSTORM",
        "id": "162827",
        "ident": null
      },
      {
        "date": "2022-02-01T17:03:05",
        "db": "PACKETSTORM",
        "id": "165794",
        "ident": null
      },
      {
        "date": "2021-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1574",
        "ident": null
      },
      {
        "date": "2022-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013518",
        "ident": null
      },
      {
        "date": "2021-09-08T14:15:09.767000",
        "db": "NVD",
        "id": "CVE-2021-30749",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-25T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-761",
        "ident": null
      },
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390482",
        "ident": null
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1574",
        "ident": null
      },
      {
        "date": "2022-09-14T09:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013518",
        "ident": null
      },
      {
        "date": "2023-01-09T16:41:59.350000",
        "db": "NVD",
        "id": "CVE-2021-30749",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "plural \u00a0Apple\u00a0 Out-of-bounds write vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013518"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1574"
      }
    ],
    "trust": 0.6
  }
}

VAR-202210-1888

Vulnerability from variot - Updated: 2026-04-10 22:55

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915). ========================================================================== Ubuntu Security Notice USN-5702-1 October 26, 2022

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. (CVE-2022-32221)

Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260)

It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10: curl 7.85.0-1ubuntu0.1 libcurl3-gnutls 7.85.0-1ubuntu0.1 libcurl3-nss 7.85.0-1ubuntu0.1 libcurl4 7.85.0-1ubuntu0.1

Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.6 libcurl3-gnutls 7.81.0-1ubuntu1.6 libcurl3-nss 7.81.0-1ubuntu1.6 libcurl4 7.81.0-1ubuntu1.6

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.14 libcurl3-gnutls 7.68.0-1ubuntu2.14 libcurl3-nss 7.68.0-1ubuntu2.14 libcurl4 7.68.0-1ubuntu2.14

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.21 libcurl3-gnutls 7.58.0-2ubuntu3.21 libcurl3-nss 7.58.0-2ubuntu3.21 libcurl4 7.58.0-2ubuntu3.21

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213605.

AppleMobileFileIntegrity Available for: macOS Ventura Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

curl Available for: macOS Ventura Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260

dcerpc Available for: macOS Ventura Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

DiskArbitration Available for: macOS Ventura Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

ImageIO Available for: macOS Ventura Impact: Processing an image may lead to a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher

Kernel Available for: macOS Ventura Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel Available for: macOS Ventura Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM

libxpc Available for: macOS Ventura Impact: An app may be able to access user-sensitive data Description: A permissions issue was addressed with improved validation. CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Mail Drafts Available for: macOS Ventura Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account Description: A logic issue was addressed with improved state management. CVE-2023-23498: an anonymous researcher

Maps Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2023-23503: an anonymous researcher

PackageKit Available for: macOS Ventura Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)

Safari Available for: macOS Ventura Impact: An app may be able to access a user’s Safari history Description: A permissions issue was addressed with improved validation. CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Safari Available for: macOS Ventura Impact: Visiting a website may lead to an app denial-of-service Description: The issue was addressed with improved handling of caches. CVE-2023-23512: Adriatik Raci

Screen Time Available for: macOS Ventura Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Vim Available for: macOS Ventura Impact: Multiple issues in Vim Description: A use after free issue was addressed with improved memory management. CVE-2022-3705

Weather Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved checks. WebKit Bugzilla: 245464 CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Wi-Fi Available for: macOS Ventura Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Windows Installer Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Bluetooth We would like to acknowledge an anonymous researcher for their assistance.

Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.

Shortcuts We would like to acknowledge Baibhav Anand Jha from ReconWithMe and Cristian Dinca of Tudor Vianu National High School of Computer Science, Romania for their assistance.

WebKit We would like to acknowledge Eliya Stein of Confiant for their assistance.

macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk 7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9 3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU /Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w= =pcJ4 -----END PGP SIGNATURE-----

Software Description: - mysql-8.0: MySQL database - mysql-5.7: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. In general, a standard system update will make all the necessary changes.

For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u5. This update also revises the fix for CVE-2022-27774 released in DSA-5197-1.

We recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: curl security update Advisory ID: RHSA-2023:4139-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4139 Issue date: 2023-07-18 CVE Names: CVE-2022-32221 CVE-2023-23916 =====================================================================

Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: POST following PUT confusion (CVE-2022-32221)
curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2135411 - CVE-2022-32221 curl: POST following PUT confusion 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64: curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le: curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x: curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64: curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.6.i686.rpm libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source: curl-7.76.1-14.el9_0.6.src.rpm

aarch64: curl-7.76.1-14.el9_0.6.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le: curl-7.76.1-14.el9_0.6.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x: curl-7.76.1-14.el9_0.6.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64: curl-7.76.1-14.el9_0.6.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-7.76.1-14.el9_0.6.i686.rpm libcurl-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.86.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169538"
      },
      {
        "db": "PACKETSTORM",
        "id": "169535"
      },
      {
        "db": "PACKETSTORM",
        "id": "170729"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-32221",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-32221",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32221",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32221",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-2214",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915). ==========================================================================\nUbuntu Security Notice USN-5702-1\nOctober 26, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nRobby Simpson discovered that curl incorrectly handled certain POST\noperations after PUT operations. \n(CVE-2022-32221)\n\nHiroki Kurosawa discovered that curl incorrectly handled parsing .netrc\nfiles. If an attacker were able to provide a specially crafted .netrc file,\nthis issue could cause curl to crash, resulting in a denial of service. \nThis issue only affected Ubuntu 22.10. (CVE-2022-35260)\n\nIt was discovered that curl incorrectly handled certain HTTP proxy return\ncodes. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)\n\nHiroki Kurosawa discovered that curl incorrectly handled HSTS support\nwhen certain hostnames included IDN characters. A remote attacker could\npossibly use this issue to cause curl to use unencrypted connections. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n   curl                            7.85.0-1ubuntu0.1\n   libcurl3-gnutls                 7.85.0-1ubuntu0.1\n   libcurl3-nss                    7.85.0-1ubuntu0.1\n   libcurl4                        7.85.0-1ubuntu0.1\n\nUbuntu 22.04 LTS:\n   curl                            7.81.0-1ubuntu1.6\n   libcurl3-gnutls                 7.81.0-1ubuntu1.6\n   libcurl3-nss                    7.81.0-1ubuntu1.6\n   libcurl4                        7.81.0-1ubuntu1.6\n\nUbuntu 20.04 LTS:\n   curl                            7.68.0-1ubuntu2.14\n   libcurl3-gnutls                 7.68.0-1ubuntu2.14\n   libcurl3-nss                    7.68.0-1ubuntu2.14\n   libcurl4                        7.68.0-1ubuntu2.14\n\nUbuntu 18.04 LTS:\n   curl                            7.58.0-2ubuntu3.21\n   libcurl3-gnutls                 7.58.0-2ubuntu3.21\n   libcurl3-nss                    7.58.0-2ubuntu3.21\n   libcurl4                        7.58.0-2ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-4 macOS Ventura 13.2\n\nmacOS Ventura 13.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213605. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Ventura\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ndcerpc\nAvailable for: macOS Ventura\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Ventura\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nImageIO\nAvailable for: macOS Ventura\nImpact: Processing an image may lead to a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2023-23519: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxpc\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nMail Drafts\nAvailable for: macOS Ventura\nImpact: The quoted original message may be selected from the wrong\nemail when forwarding an email from an Exchange account\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23498: an anonymous researcher\n\nMaps\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23503: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Ventura\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nSafari\nAvailable for: macOS Ventura\nImpact: An app may be able to access a user\u2019s Safari history\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nSafari\nAvailable for: macOS Ventura\nImpact: Visiting a website may lead to an app denial-of-service\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2023-23512: Adriatik Raci\n\nScreen Time\nAvailable for: macOS Ventura\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nVim\nAvailable for: macOS Ventura\nImpact: Multiple issues in Vim\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-3705\n\nWeather\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved checks. \nWebKit Bugzilla: 245464\nCVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming\nWang, JiKai Ren and Hang Shu of Institute of Computing Technology,\nChinese Academy of Sciences\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWi-Fi\nAvailable for: macOS Ventura\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nWindows Installer\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nShortcuts\nWe would like to acknowledge Baibhav Anand Jha from ReconWithMe and\nCristian Dinca of Tudor Vianu National High School of Computer\nScience, Romania for their assistance. \n\nWebKit\nWe would like to acknowledge Eliya Stein of Confiant for their\nassistance. \n\nmacOS Ventura 13.2 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke\nNxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk\n7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb\nm9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U\nVsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd\nCx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp\nTCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK\nrrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg\njoKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9\n3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq\nQR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU\n/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=\n=pcJ4\n-----END PGP SIGNATURE-----\n\n\n. \n\nSoftware Description:\n- mysql-8.0: MySQL database\n- mysql-5.7: MySQL database\n\nDetails:\n\nMultiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues. \n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes. In general, a standard system update will make all the necessary\nchanges. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u5. This update also revises the fix for\nCVE-2022-27774 released in DSA-5197-1. \n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2023:4139-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:4139\nIssue date:        2023-07-18\nCVE Names:         CVE-2022-32221 CVE-2023-23916 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9.0\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS EUS (v.9.0):\n\nSource:\ncurl-7.76.1-14.el9_0.6.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2023-23916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32221"
      },
      {
        "db": "PACKETSTORM",
        "id": "169538"
      },
      {
        "db": "PACKETSTORM",
        "id": "169535"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170696"
      },
      {
        "db": "PACKETSTORM",
        "id": "170729"
      },
      {
        "db": "PACKETSTORM",
        "id": "170777"
      },
      {
        "db": "PACKETSTORM",
        "id": "173569"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32221",
        "trust": 2.6
      },
      {
        "db": "HACKERONE",
        "id": "1704017",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/05/17/4",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "170777",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169535",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169538",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170166",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4030",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5421",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6333",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "170729",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170648",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-424148",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32221",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170697",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170696",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173569",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32221"
      },
      {
        "db": "PACKETSTORM",
        "id": "169538"
      },
      {
        "db": "PACKETSTORM",
        "id": "169535"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170696"
      },
      {
        "db": "PACKETSTORM",
        "id": "170729"
      },
      {
        "db": "PACKETSTORM",
        "id": "170777"
      },
      {
        "db": "PACKETSTORM",
        "id": "173569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      }
    ]
  },
  "id": "VAR-202210-1888",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424148"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:55:07.161000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "curl Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216855"
      },
      {
        "title": "Ubuntu Security Notice: USN-5702-2: curl vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-2"
      },
      {
        "title": "Ubuntu Security Notice: USN-5702-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-1"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32221"
      },
      {
        "title": "IBM: Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=93e8baf3e9bfd9ab92a05b44368ef244"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424148"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20230208-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213604"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213605"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2023/dsa-5330"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2023/jan/19"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2023/jan/20"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1704017"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-32221"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32221/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4030"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-reuse-after-free-39731"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213604"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169538/ubuntu-security-notice-usn-5702-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169535/ubuntu-security-notice-usn-5702-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5421"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170777/debian-security-advisory-5330-1.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.3,
        "url": "https://ubuntu.com/security/notices/usn-5702-1"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5702-2"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213604."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213605."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23496"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23500"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21881"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.41-0ubuntu0.18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21867"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5823-1"
      },
      {
        "trust": 0.1,
        "url": "https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4139"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32221"
      },
      {
        "db": "PACKETSTORM",
        "id": "169538"
      },
      {
        "db": "PACKETSTORM",
        "id": "169535"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170696"
      },
      {
        "db": "PACKETSTORM",
        "id": "170729"
      },
      {
        "db": "PACKETSTORM",
        "id": "170777"
      },
      {
        "db": "PACKETSTORM",
        "id": "173569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424148",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32221",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169538",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169535",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170697",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170696",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170729",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170777",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "173569",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32221",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-12-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424148",
        "ident": null
      },
      {
        "date": "2022-10-27T13:04:37",
        "db": "PACKETSTORM",
        "id": "169538",
        "ident": null
      },
      {
        "date": "2022-10-27T13:03:39",
        "db": "PACKETSTORM",
        "id": "169535",
        "ident": null
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "date": "2023-01-24T16:41:07",
        "db": "PACKETSTORM",
        "id": "170697",
        "ident": null
      },
      {
        "date": "2023-01-24T16:40:49",
        "db": "PACKETSTORM",
        "id": "170696",
        "ident": null
      },
      {
        "date": "2023-01-25T16:09:53",
        "db": "PACKETSTORM",
        "id": "170729",
        "ident": null
      },
      {
        "date": "2023-01-30T16:25:15",
        "db": "PACKETSTORM",
        "id": "170777",
        "ident": null
      },
      {
        "date": "2023-07-18T13:47:37",
        "db": "PACKETSTORM",
        "id": "173569",
        "ident": null
      },
      {
        "date": "2022-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2214",
        "ident": null
      },
      {
        "date": "2022-12-05T22:15:10.343000",
        "db": "NVD",
        "id": "CVE-2022-32221",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424148",
        "ident": null
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2214",
        "ident": null
      },
      {
        "date": "2026-02-13T20:16:13.200000",
        "db": "NVD",
        "id": "CVE-2022-32221",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "curl Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2214"
      }
    ],
    "trust": 0.6
  }
}

VAR-202203-0131

Vulnerability from variot - Updated: 2026-04-10 22:53

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

This release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays

JIRA issues fixed (https://issues.jboss.org/):

LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3252 - [release-5.4]Adding Valid Subscription Annotation

Description:

Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

This advisory covers container images for the release.

Security Fix(es):

goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
kiali: error message spoofing in kiali UI (CVE-2022-3962)
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

JIRA issues fixed (https://issues.jboss.org/):

Summary:

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Description:

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12 2137304 - Location for host cluster is missing in the UI 2140208 - When editing a MigHook in the UI, the page may fail to reload 2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12 2143872 - Namespaces page in web console stuck in loading phase 2149920 - Migration fails at prebackupHooks step

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: webkit2gtk3-2.36.7-1.el8.src.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: glib2-2.56.4-159.el8.src.rpm

Red Hat CodeReady Linux Builder (v. 8):

noarch: glib2-doc-2.56.4-159.el8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

                                       https://security.gentoo.org/

Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: August 31, 2022 Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990 ID: 202208-39

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All WebKitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"

References

[ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-39

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "ipad os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.5"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.4"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "169920"
      },
      {
        "db": "PACKETSTORM",
        "id": "169889"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "170243"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-22628",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-22628",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22628",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-22628",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. \n\nThis release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3252 - [release-5.4]Adding Valid Subscription Annotation\n\n6. Description:\n\nRed Hat OpenShift Service Mesh is the Red Hat distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers container images for the release. \n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable\nquery parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY\n(CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message\n(CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps\n(CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the\nencoded message is too short, potentially allowing a denial of service\n(CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, see the CVE page(s)\nlisted in the Container CVEs section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message\n2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1977 - Support for Istio Gateway API in Kiali\nOSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5\nOSSM-2147 - Unexpected validation message on Gateway object\nOSSM-2169 - Member controller doesn\u0027t retry on conflict\nOSSM-2170 - Member namespaces aren\u0027t cleaned up when a cluster-scoped SMMR is deleted\nOSSM-2179 - Wasm plugins only support OCI images with 1 layer\nOSSM-2184 - Istiod isn\u0027t allowed to delete analysis distribution report configmap\nOSSM-2188 - Member namespaces not cleaned up when SMCP is deleted\nOSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all\nOSSM-2190 - The memberroll controller reconciles SMMRs with invalid name\nOSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name\nOSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form\nOSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3]\nOSSM-2308 - add root CA certificates to kiali container\nOSSM-2315 - be able to customize openshift auth timeouts\nOSSM-2324 - Gateway injection does not work when pods are created by cluster admins\nOSSM-2335 - Potential hang using Traces scatterplot chart\nOSSM-2338 - Federation deployment does not need router mode sni-dnat\nOSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests\nOSSM-2375 - Istiod should log member namespaces on every update\nOSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod\nOSSM-535 - Support validationMessages in SMCP\nOSSM-827 - ServiceMeshMembers point to wrong SMCP name\n\n6. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.6 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12\n2137304 - Location for host cluster is missing in the UI\n2140208 - When editing a MigHook in the UI, the page may fail to reload\n2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12\n2143872 - Namespaces page in web console stuck in loading phase\n2149920 - Migration fails at prebackupHooks step\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: webkit2gtk3 security and bug fix update\nAdvisory ID:       RHSA-2022:7704-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7704\nIssue date:        2022-11-08\nCVE Names:         CVE-2022-22624 CVE-2022-22628 CVE-2022-22629\n                   CVE-2022-22662 CVE-2022-26700 CVE-2022-26709\n                   CVE-2022-26710 CVE-2022-26716 CVE-2022-26717\n                   CVE-2022-26719 CVE-2022-30293\n====================================================================\n1. Summary:\n\nAn update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nGLib provides the core application building blocks for libraries and\napplications written in C. It provides the core object system used in\nGNOME, the main loop implementation, and a large set of utility functions\nfor strings and common data structures. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.36.7-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-devel-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nglib2-2.56.4-159.el8.src.rpm\n\naarch64:\nglib2-2.56.4-159.el8.aarch64.rpm\nglib2-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-debugsource-2.56.4-159.el8.aarch64.rpm\nglib2-devel-2.56.4-159.el8.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-fam-2.56.4-159.el8.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-tests-2.56.4-159.el8.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm\n\nppc64le:\nglib2-2.56.4-159.el8.ppc64le.rpm\nglib2-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-debugsource-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm\n\ns390x:\nglib2-2.56.4-159.el8.s390x.rpm\nglib2-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-debugsource-2.56.4-159.el8.s390x.rpm\nglib2-devel-2.56.4-159.el8.s390x.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-fam-2.56.4-159.el8.s390x.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-tests-2.56.4-159.el8.s390x.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm\n\nx86_64:\nglib2-2.56.4-159.el8.i686.rpm\nglib2-2.56.4-159.el8.x86_64.rpm\nglib2-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-debugsource-2.56.4-159.el8.i686.rpm\nglib2-debugsource-2.56.4-159.el8.x86_64.rpm\nglib2-devel-2.56.4-159.el8.i686.rpm\nglib2-devel-2.56.4-159.el8.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-fam-2.56.4-159.el8.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-tests-2.56.4-159.el8.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nglib2-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-debugsource-2.56.4-159.el8.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm\nglib2-static-2.56.4-159.el8.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm\n\nnoarch:\nglib2-doc-2.56.4-159.el8.noarch.rpm\n\nppc64le:\nglib2-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-debugsource-2.56.4-159.el8.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm\nglib2-static-2.56.4-159.el8.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm\n\ns390x:\nglib2-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-debugsource-2.56.4-159.el8.s390x.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm\nglib2-static-2.56.4-159.el8.s390x.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm\n\nx86_64:\nglib2-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-debugsource-2.56.4-159.el8.i686.rpm\nglib2-debugsource-2.56.4-159.el8.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm\nglib2-static-2.56.4-159.el8.i686.rpm\nglib2-static-2.56.4-159.el8.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.i686.rpm\nglib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSR9zjgjWX9erEAQiQFQ//YREiZYxfs4xndA0wPNv+fq6qubz4ht3h\nFycNYUUhtiB+KqnpXfelECae9VC+jtDaBqrmopN4kGYPERbIBNOaxDM/AjiwQoRy\nWAMPMG0Nf7bES6RH793l9a36dPezHS7FQymSw1UsWgiFLEzalcP41UhJmz2ehhnF\n89oC3QQ831rCFn637hiTMFkaOMhQsR+P7iCnpDXEA9f3jadtWkMk+ALkddEGR+zr\nbbCVMi3vd4q1w854SOU0mZjdBXd3JKcBFq5Iux1gY6XVDCilgU6QgZaltJJQx2u6\nJ3qGFykmSwgoCfvz2QUBMH5x3gYJHknfa1CrqgOtOC5gpO9ChEyRg7T5aC/mpY4P\nkfFh0VJEOZS29b34KOlKvXCRbgDjvuBy8EHvqJCs29a9ISOWOpZ8qsLDjTMBk+MR\nAU+J3Ym3ZiRaQhpFDDSakcuub0DAHESbokIsTHlsOt8J80GspJod3GRl2BUfY4FH\nuVH6t7IIL0k6zL/1si7cEnT1uMxp7rPh70KPSG0hm2CHrJ6MOLt9D6/eAuj7xAEL\nvkxev1kJ28kXoovVYmylhcjxX4w6v1M9QGE7IBMFEnFDi6btyWNDjD1vLGvmbuIT\niJ120wnUt3kGH0vMLO2+Rfwj7jYVyR08tTY8JDtrxbhrUThjhJ9GCTLg3s+MaYVk\nJ8NwK2xt2AQ=vhlq\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: WebKitGTK+: Multiple Vulnerabilities\n     Date: August 31, 2022\n     Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990\n       ID: 202208-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk        \u003c 2.36.7                    \u003e= 2.36.7\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebKitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.36.7\"\n\nReferences\n=========\n[ 1 ] CVE-2022-2294\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2294\n[ 2 ] CVE-2022-22589\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22589\n[ 3 ] CVE-2022-22590\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22590\n[ 4 ] CVE-2022-22592\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22592\n[ 5 ] CVE-2022-22620\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22620\n[ 6 ] CVE-2022-22624\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22624\n[ 7 ] CVE-2022-22628\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22628\n[ 8 ] CVE-2022-22629\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22629\n[ 9 ] CVE-2022-22662\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22662\n[ 10 ] CVE-2022-22677\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22677\n[ 11 ] CVE-2022-26700\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26700\n[ 12 ] CVE-2022-26709\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26709\n[ 13 ] CVE-2022-26710\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26710\n[ 14 ] CVE-2022-26716\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26716\n[ 15 ] CVE-2022-26717\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26717\n[ 16 ] CVE-2022-26719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26719\n[ 17 ] CVE-2022-30293\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30293\n[ 18 ] CVE-2022-30294\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30294\n[ 19 ] CVE-2022-32784\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32784\n[ 20 ] CVE-2022-32792\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32792\n[ 21 ] CVE-2022-32893\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32893\n[ 22 ] WSA-2022-0002\n      https://webkitgtk.org/security/WSA-2022-0002.html\n[ 23 ] WSA-2022-0003\n      https://webkitgtk.org/security/WSA-2022-0003.html\n[ 24 ] WSA-2022-0007\n      https://webkitgtk.org/security/WSA-2022-0007.html\n[ 25 ] WSA-2022-0008\n      https://webkitgtk.org/security/WSA-2022-0008.html\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-39\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411256"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "169920"
      },
      {
        "db": "PACKETSTORM",
        "id": "169889"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "170243"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "168226"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22628",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "170956",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169920",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168226",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169760",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170806",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169889",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170210",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170898",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411256",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170243",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411256"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "169920"
      },
      {
        "db": "PACKETSTORM",
        "id": "169889"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "170243"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "168226"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      }
    ]
  },
  "id": "VAR-202203-0131",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411256"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:53:55.948000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411256"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213182"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213183"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213186"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213187"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht213193"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42011"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2879"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-43680"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42010"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42004"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36518"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42003"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0865"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22844"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0924"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0909"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0891"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0562"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1355"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0908"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32149"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8054"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39278"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21713"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:9047"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26373"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1048"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29581"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2078"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1852"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23960"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41724"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41725"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2022-0008.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2022-0002.html"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202208-39"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2022-0003.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2022-0007.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411256"
      },
      {
        "db": "PACKETSTORM",
        "id": "170956"
      },
      {
        "db": "PACKETSTORM",
        "id": "169920"
      },
      {
        "db": "PACKETSTORM",
        "id": "169889"
      },
      {
        "db": "PACKETSTORM",
        "id": "170806"
      },
      {
        "db": "PACKETSTORM",
        "id": "170243"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "168226"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22628"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411256",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170956",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169920",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169889",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170806",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170243",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169760",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170179",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168226",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22628",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411256",
        "ident": null
      },
      {
        "date": "2023-02-10T15:49:15",
        "db": "PACKETSTORM",
        "id": "170956",
        "ident": null
      },
      {
        "date": "2022-11-17T13:23:05",
        "db": "PACKETSTORM",
        "id": "169920",
        "ident": null
      },
      {
        "date": "2022-11-16T16:08:17",
        "db": "PACKETSTORM",
        "id": "169889",
        "ident": null
      },
      {
        "date": "2023-01-31T17:11:04",
        "db": "PACKETSTORM",
        "id": "170806",
        "ident": null
      },
      {
        "date": "2022-12-15T15:35:54",
        "db": "PACKETSTORM",
        "id": "170243",
        "ident": null
      },
      {
        "date": "2022-11-08T13:47:18",
        "db": "PACKETSTORM",
        "id": "169760",
        "ident": null
      },
      {
        "date": "2022-12-09T14:52:40",
        "db": "PACKETSTORM",
        "id": "170179",
        "ident": null
      },
      {
        "date": "2023-05-19T14:41:19",
        "db": "PACKETSTORM",
        "id": "172460",
        "ident": null
      },
      {
        "date": "2022-09-01T16:33:44",
        "db": "PACKETSTORM",
        "id": "168226",
        "ident": null
      },
      {
        "date": "2022-09-23T19:15:11.080000",
        "db": "NVD",
        "id": "CVE-2022-22628",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411256",
        "ident": null
      },
      {
        "date": "2025-05-22T16:15:51.603000",
        "db": "NVD",
        "id": "CVE-2022-22628",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2023-0709-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170956"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169889"
      },
      {
        "db": "PACKETSTORM",
        "id": "169760"
      }
    ],
    "trust": 0.2
  }
}

VAR-202005-0473

Vulnerability from variot - Updated: 2026-04-10 22:52

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. The sqlite3_str_vappendf of the printf.c file in SQLite 3.32.0 and earlier versions has an input validation error vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code by sending a specially crafted request. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Description:

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/

Security fixes:

redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

Bug fixes:

RHACM 2.2.4 images (BZ# 1957254)
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
ACM Operator should support using the default route TLS (BZ# 1955270)
The scrolling bar for search filter does not work properly (BZ# 1956852)
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
Bugs fixed (https://bugzilla.redhat.com/):

1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:

Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Description:

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
Previously, the PVCs could not be provisioned as the rook-ceph-mds did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument --public-addr=podIP is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558)
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the mds_cache_memory_limit argument during upgrades. With this update, the mds_cache_memory_limit argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348)
Previously, the coredumps were not generated in the correct location as rook was setting the config option log_file to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the log_file to build the dump path. With this update, rook does not set the log_file and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under /var/log/ceph/. (BZ#1938049)
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)

All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod

References:

https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

Bug Fix(es):

WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
Telemetry info not completely available to identify windows nodes (BZ#1955319)
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
Solution:

For Windows Machine Config Operator upgrades, see the following documentation:

https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html

Bugs fixed (https://bugzilla.redhat.com/):

1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service

Bugs fixed (https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

JIRA issues fixed (https://issues.jboss.org/):

TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:2122

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

This update fixes the following bug among others:

Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

Security Fix(es):

gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

tvOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211843.

Assets Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup Entry updated November 12, 2020

Audio Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020

Audio Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020

CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020

CoreCapture Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020

Disk Images Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020

Keyboard Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2 Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020

Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020

Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@xpn) of TrustedSec Entry updated September 17, 2020

SQLite Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020

SQLite Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020

SQLite Available for: Apple TV 4K and Apple TV HD Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020

SQLite Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020

SQLite Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Entry added November 12, 2020

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Wi-Fi Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2020-10013: Yu Wang of Didi Research America Entry added November 12, 2020

Additional recognition

Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020

Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020

Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

iAP We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020

Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020

Safari We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance. Entry added November 12, 2020

WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About."

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uyHoACgkQZcsbuWJ6 jjAwvw/+LOihEZ6W7DntL6nfl432KOZ58vNbauzTxYCo6HHsfu9d80SP7BF/BiIf 5rXBfJSyP8K0cQwmhli5xv4DH2VPSwP9GKZXDEG9OYQoHZJ3aie2bOUyPlH14WTZ JbL00oIdSXaPeovCNah6ahyI6apX63NpJr3FZkbNCDFsGdv7bjkoshRacGMkVSqG ytAoAsTpuaQEzHCWkvj0hdUasB/VmlnZQS5CzasGplL+1Y6pkwxjxEnN4BlV1/Zn r7ZWn2SOrf1UZoB/TAE39WdXY7pZ2WfDIyOzIqCioPc3ZlE7bRh7KKRMHwXNDp6Q XMeb6G818+XpHFKTV/NbLKpq0SjS8YEVhPmpS5e30HepgGbU3h/ufjqJQdnSWyj4 P33pI5Bfo5nFISyyJ+EsDczfWjpUn10F3xiOUb3IZcFuXrbkCFx4GrpnZ25eg1Z0 sXSTq9+lSc1lqDkyBVRNyWAKp5/lsLAmV+WaFugv9svXoxdDyYVA9waFiaxnGHPy E1hTrVKUFKZmUmiYxEo4b/LSdr8IdaLvsdlWb/4z+C9c1ei/U+yMtOYU8U+JCsVP 4v5hVcnPvL7sFiKfBPW7LsvRq5z1L58l61AivGbPZRkRG4oObOtoWvec4ygQ6tbM Hmc8HATllbUSoeu0eTtnlYgIKdia14DQFclcbTdMBU37y0DrBJc= =CBpG -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "freebsd",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "communications network charging and control",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "_id": null,
        "model": "sqlite",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sqlite",
        "version": "3.32.0"
      },
      {
        "_id": null,
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "outside in technology",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.5"
      },
      {
        "_id": null,
        "model": "freebsd",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.1"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "_id": null,
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.9"
      },
      {
        "_id": null,
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "20.04"
      },
      {
        "_id": null,
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.10"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.14.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "communications network charging and control",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162628"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-13434",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-13434",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-166212",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-13434",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-13434",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-166212",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. The sqlite3_str_vappendf of the printf.c file in SQLite 3.32.0 and earlier versions has an input validation error vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code by sending a specially crafted request. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nSQLite is a C library that implements an SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a single\ndisk file. The API is designed for convenience and ease of use. \nApplications that link against SQLite can enjoy the power and flexibility\nof an SQL database without the administrative hassles of supporting a\nseparate database server. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID:       RHSA-2021:2479-01\nProduct:           Red Hat OpenShift Container Storage\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2479\nIssue date:        2021-06-17\nCVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n                   CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n                   CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n                   CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n                   CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n                   CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n                   CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n                   CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n                   CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n                   CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n                   CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n                   CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n                   CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n                   CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 -  Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-11-13-4 Additional information for\nAPPLE-SA-2020-09-16-2 tvOS 14.0\n\ntvOS 14.0 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT211843. \n\nAssets\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker may be able to misuse a trust relationship to\ndownload malicious content\nDescription: A trust issue was addressed by removing a legacy API. \nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\nEntry updated November 12, 2020\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nCoreCapture\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9949: Proteas\nEntry added November 12, 2020\n\nDisk Images\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9965: Proteas\nCVE-2020-9966: Proteas\nEntry added November 12, 2020\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\nEntry added November 12, 2020\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9876: Mickey Jin of Trend Micro\nEntry added November 12, 2020\n\nKeyboard\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\nlibxml2\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9981: found by OSS-Fuzz\nEntry added November 12, 2020\n\nSandbox\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to view senstive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\nEntry added November 12, 2020\n\nSandbox\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\nEntry updated September 17, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-13434\nCVE-2020-13435\nCVE-2020-9991\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A maliciously crafted SQL query may lead to data corruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-13631\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to leak memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9849\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-13630\nEntry added November 12, 2020\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\nCVE-2020-9951: Marcin \u0027Icewall\u0027 Noga of Cisco Talos\nEntry added November 12, 2020\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9983: zhunki\nEntry added November 12, 2020\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\nWi-Fi\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10013: Yu Wang of Didi Research America\nEntry added November 12, 2020\n\nAdditional recognition\n\nAudio\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-\nfinancial Light-Year Security Lab for their assistance. \nEntry added November 12, 2020\n\nBluetooth\nWe would like to acknowledge Andy Davis of NCC Group and Dennis\nHeinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for\ntheir assistance. \n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \nEntry added November 12, 2020\n\nCore Location\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\niAP\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero,\nStephen R\u00f6ttger of Google for their assistance. \nEntry updated November 12, 2020\n\nLocation Framework\nWe would like to acknowledge Nicolas Brunner\n(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. \nEntry updated October 19, 2020\n\nSafari\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their\nassistance. \nEntry added November 12, 2020\n\nWebKit\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan\nPickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang\nZeng(@Wester) of OPPO ZIWU Security Lab for their assistance. \nEntry added November 12, 2020\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uyHoACgkQZcsbuWJ6\njjAwvw/+LOihEZ6W7DntL6nfl432KOZ58vNbauzTxYCo6HHsfu9d80SP7BF/BiIf\n5rXBfJSyP8K0cQwmhli5xv4DH2VPSwP9GKZXDEG9OYQoHZJ3aie2bOUyPlH14WTZ\nJbL00oIdSXaPeovCNah6ahyI6apX63NpJr3FZkbNCDFsGdv7bjkoshRacGMkVSqG\nytAoAsTpuaQEzHCWkvj0hdUasB/VmlnZQS5CzasGplL+1Y6pkwxjxEnN4BlV1/Zn\nr7ZWn2SOrf1UZoB/TAE39WdXY7pZ2WfDIyOzIqCioPc3ZlE7bRh7KKRMHwXNDp6Q\nXMeb6G818+XpHFKTV/NbLKpq0SjS8YEVhPmpS5e30HepgGbU3h/ufjqJQdnSWyj4\nP33pI5Bfo5nFISyyJ+EsDczfWjpUn10F3xiOUb3IZcFuXrbkCFx4GrpnZ25eg1Z0\nsXSTq9+lSc1lqDkyBVRNyWAKp5/lsLAmV+WaFugv9svXoxdDyYVA9waFiaxnGHPy\nE1hTrVKUFKZmUmiYxEo4b/LSdr8IdaLvsdlWb/4z+C9c1ei/U+yMtOYU8U+JCsVP\n4v5hVcnPvL7sFiKfBPW7LsvRq5z1L58l61AivGbPZRkRG4oObOtoWvec4ygQ6tbM\nHmc8HATllbUSoeu0eTtnlYgIKdia14DQFclcbTdMBU37y0DrBJc=\n=CBpG\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      },
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      },
      {
        "db": "PACKETSTORM",
        "id": "162628"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160062"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-166212",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-13434",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163209",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162628",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160062",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162837",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163188",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162659",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160545",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160061",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160064",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158592",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1159",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-166212",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162877",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      },
      {
        "db": "PACKETSTORM",
        "id": "162628"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160062"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      }
    ]
  },
  "id": "VAR-202005-0473",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:52:23.548000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20200528-0004/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211843"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211844"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211850"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211931"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211935"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht211952"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-20:22.sqlite.asc"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/nov/20"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/nov/19"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/nov/22"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2020/dec/32"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202007-26"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.sqlite.org/src/info/23439ea582241138"
      },
      {
        "trust": 1.1,
        "url": "https://www.sqlite.org/src/info/d08d3405878d394e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4394-1/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36322"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12114"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27835"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25704"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-18811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19528"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12464"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14314"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14356"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27786"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25643"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24394"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-0431"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-0342"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19523"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25285"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35508"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25212"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28974"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15437"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25284"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-11608"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24331"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24332"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28165"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28163"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3501"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27170"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25692"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2479"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23240"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23239"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2130"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21644"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9961"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9991"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9965"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9966"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht211843."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9949"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9979"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-166212"
      },
      {
        "db": "PACKETSTORM",
        "id": "162628"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160062"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13434"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-166212",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162628",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162837",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163188",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163209",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162877",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160062",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13434",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-166212",
        "ident": null
      },
      {
        "date": "2021-05-19T13:56:42",
        "db": "PACKETSTORM",
        "id": "162628",
        "ident": null
      },
      {
        "date": "2021-05-27T13:28:54",
        "db": "PACKETSTORM",
        "id": "162837",
        "ident": null
      },
      {
        "date": "2021-06-17T17:53:22",
        "db": "PACKETSTORM",
        "id": "163188",
        "ident": null
      },
      {
        "date": "2021-06-17T18:34:10",
        "db": "PACKETSTORM",
        "id": "163209",
        "ident": null
      },
      {
        "date": "2021-06-23T15:44:15",
        "db": "PACKETSTORM",
        "id": "163257",
        "ident": null
      },
      {
        "date": "2021-06-23T16:08:25",
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "date": "2021-06-24T17:54:53",
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "date": "2021-06-01T14:45:29",
        "db": "PACKETSTORM",
        "id": "162877",
        "ident": null
      },
      {
        "date": "2020-11-13T22:22:22",
        "db": "PACKETSTORM",
        "id": "160062",
        "ident": null
      },
      {
        "date": "2020-05-24T22:15:10.397000",
        "db": "NVD",
        "id": "CVE-2020-13434",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-166212",
        "ident": null
      },
      {
        "date": "2024-11-21T05:01:15.420000",
        "db": "NVD",
        "id": "CVE-2020-13434",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2021-1581-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162628"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162628"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      }
    ],
    "trust": 0.2
  }
}

Search criteria ⓘ Use full-text search for keyword queries. Combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by dates instead of relevance.

7957 vulnerabilities found for macOS by Apple

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

apache2 vulnerabilities

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

webkit2gtk vulnerabilities

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

2033051)

2048500)

2053279)

2059954)

vim vulnerabilities

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

vim vulnerabilities

Synopsis

Impact

Workaround

Resolution

References

Availability

Concerns?

License

apache2 vulnerabilities

cups vulnerabilities

webkit2gtk vulnerabilities

ruby2.3 vulnerability

Background

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Synopsis

Impact

Workaround

Resolution

References

Availability

Concerns?

License

apache2 vulnerabilities

webkit2gtk vulnerabilities

webkit2gtk vulnerabilities

Synopsis

Affected packages

Description

Workaround

Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.