Search

Find a vulnerability

Search criteria

    20 vulnerabilities by libexpat

    VAR-202202-0163

    Vulnerability from variot - Updated: 2026-04-10 23:19

    In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

    Security update:

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    Bug fixes:

    • Can't install submariner add-ons from UI on unsupported cloud provider (BZ# 2087686)

    • policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub (BZ# 2088270)

    • RHACM 2.5.1 images (BZ# 2090802)

    • Broken link to Submariner manual install instructions (BZ# 2095333)

    • The backend service is unavailable when accessing ACM 2.5 Overview page (BZ# 2096389)

    • 64 character length causing clusters to unsubscribe (BZ# 2101453)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2087686 - Can't install submariner add-ons from UI on unsupported cloud provider 2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub 2090802 - RHACM 2.5.1 images 2095333 - Broken link to Submariner manual install instructions 2096389 - The backend service is unavailable when accessing ACM 2.5 Overview page 2101453 - 64 character length causing clusters to unsubscribe

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: ACS 3.71 enhancement and security update Advisory ID: RHSA-2022:5704-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:5704 Issue date: 2022-07-25 CVE Names: CVE-2021-40528 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29173 CVE-2022-29824 ==================================================================== 1. Summary:

    Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Release of ACS 3.71 provides these changes:

    Security Fix(es):

    • go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    New Features:

    • New RHACS dashboard and widgets
    • New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default.
    • New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default.
    • Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group.
    • List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment.
    • Alpine 3.16 support for Scanner

    Enhancements: * Change to roxctl image scan behavior: The default value for the - --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard.

    Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF.

    Deprecated features:

    • RenamePolicyCategory and DeletePolicyCategory API endpoints
    • Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent
    • Retrieving groups by property
    • vulns fields of storage.Node object in response payload of v1/nodes
    • /v1/cves/suppress and /v1/cves/unsuppress

    Removed features:

    • Anchore, Tenable, and Docker Trusted Registry integrations
    • External authorization plug-in for scoped access control
    • FROM option in the Disallowed Dockerfile line policy field
    • PodSecurityPolicy (PSP) Kubernetes objects

    • Solution:

    To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root

    1. JIRA issues fixed (https://issues.jboss.org/):

    ROX-11898 - Release RHACS 3.71.0

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29173 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR V/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF 08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c mlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc F9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ iu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P 6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD wEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u XS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe 3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP 2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ +tIPRnmepo8=I5j4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Summary:

    OpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:

    OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. JIRA issues fixed (https://issues.jboss.org/):

    OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig OADP-154 - Ensure support for backing up resources based on different label selectors OADP-194 - Remove the registry dependency from OADP OADP-199 - Enable support for restore of existing resources OADP-224 - Restore silently ignore resources if they exist - restore log not updated OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated OADP-234 - Implementation of incremental restore OADP-324 - Add label to Expired backups failing garbage collection OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot OADP-528 - The volumesnapshotcontent is not removed for the synced backup OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10 OADP-538 - typo on noDefaultBackupLocation error on DPA CR OADP-552 - Validate OADP with 4.11 and Pod Security Admissions OADP-558 - Empty Failed Backup CRs can't be removed OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly OADP-592 - OADP must-gather add support for insecure tls OADP-597 - BSL validation logs OADP-598 - Data mover performance on backup blocks backup process OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled OADP-602 - Support GCP for openshift-velero-plugin registry OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace OADP-613 - DataMover: upstream documentation refers wrong CRs OADP-637 - Restic backup fails with CA certificate OADP-643 - [Data Mover] VSB and VSR names are not unique OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable OADP-648 - Remove default limits for velero and restic pods OADP-652 - Data mover VolSync pod errors with Noobaa OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace OADP-660 - Data mover restic secret does not support Azure OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores//.velero/" OADP-716 - Incremental restore: second restore of a namespace partially fails OADP-736 - Data mover VSB always fails with volsync 0.5

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022

    expat vulnerabilities and regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.10
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 ESM
    • Ubuntu 14.04 ESM

    Summary:

    Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities.

    It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313)

    It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

    It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315)

    Original advisory details:

    It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3

    Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4

    Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7

    Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5

    Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6

    In general, a standard system update will make all the necessary changes. Description:

    OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

    This advisory contains the following OpenShift Virtualization 4.11.0 images:

    RHEL-8-CNV-4.11 ==============hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

    • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    1937609 - VM cannot be restarted 1945593 - Live migration should be blocked for VMs with host devices 1968514 - [RFE] Add cancel migration action to virtctl 1993109 - CNV MacOS Client not signed 1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side 2001385 - no "name" label in virt-operator pod 2009793 - KBase to clarify nested support status is missing 2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate 2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin) 2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation 2026357 - Migration in sequence can be reported as failed even when it succeeded 2029349 - cluster-network-addons-operator does not serve metrics through HTTPS 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2031857 - Add annotation for URL to download the image 2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate 2035344 - kubemacpool-mac-controller-manager not ready 2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered 2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks 2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI 2041467 - [SSP] Support custom DataImportCron creating in custom namespaces 2042402 - LiveMigration with postcopy misbehave when failure occurs 2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists 2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift? 2051899 - 4.11.0 containers 2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules 2052466 - Event does not include reason for inability to live migrate 2052689 - Overhead Memory consumption calculations are incorrect 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2056467 - virt-template-validator pods getting scheduled on the same node 2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long 2057310 - qemu-guest-agent does not report information due to selinux denials 2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image 2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs 2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state 2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool 2060585 - [SNO] Failed to find the virt-controller leader pod 2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. 2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource 2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace 2063792 - No DataImportCron for CentOS 7 2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2064936 - Migration of vm from VMware reports pvc not large enough 2065014 - Feature Highlights in CNV 4.10 contains links to 4.7 2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running 2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group 2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom 2069287 - Two annotations for VM Template provider name 2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2070864 - non-privileged user cannot see catalog tiles 2071488 - "Migrate Node to Node" is confusing. 2071549 - [rhel-9] unable to create a non-root virt-launcher based VM 2071611 - Metrics documentation generators are missing metrics/recording rules 2071921 - Kubevirt RPM is not being built 2073669 - [rhel-9] VM fails to start 2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream 2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command 2074337 - VM created from registry cannot be started 2075200 - VLAN filtering cannot be configured with Intel X710 2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff 2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR" 2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file 2076790 - Alert SSPDown is constantly in Firing state 2076908 - clicking on a template in the Running VMs per Template card leads to 404 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2078700 - Windows template boot source should be blank 2078703 - [RFE] Please hide the user defined password when customizing cloud-init 2078709 - VM conditions column have wrong key/values 2078728 - Common template rootDisk is not named correctly 2079366 - rootdisk is not able to edit 2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM 2079783 - Actions are broken in topology view 2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck 2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod 2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop 2080833 - Missing cloud init script editor in the scripts tab 2080835 - SSH key is set using cloud init script instead of new api 2081182 - VM SSH command generated by UI points at api VIP 2081202 - cloud-init for Windows VM generated with corrupted "undefined" section 2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs 2081671 - SSH service created outside the UI is not discoverable 2081831 - [RFE] Improve disk hotplug UX 2082008 - LiveMigration fails due to loss of connection to destination host 2082164 - Migration progress timeout expects absolute progress 2082912 - [CNV-4.11] HCO Being Unable to Reconcile State 2083093 - VM overview tab is crashed 2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows? 2083100 - Something keeps loading in the ?node selector? modal 2083101 - ?Restore default settings? never become available while editing CPU/Memory 2083135 - VM fails to schedule with vTPM in spec 2083256 - SSP Reconcile logging improvement when CR resources are changed 2083595 - [RFE] Disable VM descheduler if the VM is not live migratable 2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test' 2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails 2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field 2084431 - User credentials for ssh is not in correct format 2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. 2084532 - Console is crashed while detaching disk 2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory) 2085320 - Tolerations rules is not adding correctly 2085322 - Not able to stop/restart VM if the VM is staying in "Starting" 2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode 2086278 - Cloud init script edit add " hostname='' " when is should not be added 2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode 2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode 2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode 2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card 2086303 - non-priv user can't create VM when namespace is not selected 2086479 - some modals use ?Save? and some modals use ?Submit? 2086486 - cluster overview getting started card include old information 2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend 2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard 2086803 - When clonnig a template we need to update vm labels and annotaions to match new template 2086825 - VM restore PVC uses exact source PVC request size 2086849 - Create from YAML example is not runnable 2087188 - When VM is stopped - adding disk failed to show 2087189 - When VM is stopped - adding disk failed to show 2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2087546 - "Quick Starts" is missing in Getting started card 2087547 - Activity and Status card are missing in Virtualization Overview 2087559 - template in "VMs per template" should take user to vm list page 2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists 2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines? 2087577 - "VMs per template" load time is a bit long 2087578 - Terminology "VM" should be "Virtual Machine" in all places 2087582 - Remove VMI and MTV from the navigation 2087583 - [RFE] Show more info about boot source in template list 2087584 - Template provider should not be mandatory 2087587 - Improve the descriptive text in the kebab menu of template 2087589 - Red icons shows in storage disk source selection without a good reason 2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab 2087593 - "Boot method" is not a good name in overview tab 2087603 - Align details card for single VM overview with the design doc 2087616 - align the utilization card of single VM overview with the design 2087701 - [RFE] Missing a link to VMI from running VM details page 2087717 - Message when editing template boot source is wrong 2088034 - Virtualization Overview crashes when a VirtualMachine has no labels 2088355 - disk modal shows all storage classes as default 2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user 2088379 - Create VM from catalog does not respect the storageclass of the template's boot source 2088407 - Missing create button in the template list 2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context 2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11 2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error 2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation 2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco 2089271 - Virtualization appears twice in sidebar 2089327 - add network modal crash when no networks available 2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page 2089477 - [RFE] Allow upload source when adding VM disk 2089700 - Drive column in Disks card of Overview page has duplicated values 2089745 - When removing all disks from customize wizard app crashes 2089789 - Add windows drivers disk is missing when template is not windows 2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user 2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages 2089840 - Cant create snapshot if VM is without disks 2089877 - Utilization card on single VM overview - timespan menu lacks 5min option 2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update 2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics 2089954 - Details card on single VM overview - VNC console has grey padding 2089963 - Details card on single VM overview - Operating system info is not available 2089967 - Network Interfaces card on single VM overview - name tooltip lacks info 2089970 - Network Interfaces card on single VM overview - IP tooltip 2089972 - Disks card on single VM overview -typo 2089979 - Single VM Details - CPU|Memory edit icon misplaced 2089982 - Single VM Details - SSH modal has redundant VM name 2090035 - Alert card is missing in single VM overview 2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview 2090037 - Add template link in single vm overview details card 2090038 - The update field under the version in overview should be consistent with the operator page 2090042 - Move the edit button close to the text for "boot order" and "ssh access" 2090043 - "No resource selected" in vm boot order 2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page 2090048 - "Boot mode" should be editable while VM is running 2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details 2090055 - Add link to vm template in vm details page 2090056 - "Something went wrong" shows on VM "Environment" tab 2090057 - "?" icon is too big in environment and disk tab 2090059 - Failed to add configmap in environment tab due to validate error 2090064 - Miss "remote desktop" in console dropdown list for windows VM 2090066 - [RFE] Improve guest login credentials 2090068 - Make the "name" and "Source" column wider in vm disk tab 2090131 - Key's value in "add affinity rule" modal is too small 2090350 - memory leak in virt-launcher process 2091003 - SSH service is not deleted along the VM 2091058 - After VM gets deleted, the user is redirected to a page with a different namespace 2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. 2091406 - wrong template namespace label when creating a vm with wizard 2091754 - Scheduling and scripts tab should be editable while the VM is running 2091755 - Change bottom "Save" to "Apply" on cloud-init script form 2091756 - The root disk of cloned template should be editable 2091758 - "OS" should be "Operating system" in template filter 2091760 - The provider should be empty if it's not set during cloning 2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button 2091762 - Move notification above the tabs in template details page 2091764 - Clone a template should lead to the template details 2091765 - "Edit bootsource" is keeping in load in template actions dropdown 2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link 2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete 2091863 - BootSource edit modal should list affected templates 2091868 - Catalog list view has two columns named "BootSource" 2091889 - Devices should be editable for customize template 2091897 - username is missing in the generated ssh command 2091904 - VM is not started if adding "Authorized SSH Key" during vm creation 2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root 2091940 - SSH is not enabled in vm details after restart the VM 2091945 - delete a template should lead to templates list 2091946 - Add disk modal shows wrong units 2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco 2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank 2092052 - Virtualization should be omitted in Calatog breadcrumbs 2092071 - Getting started card in Virtualization overview can not be hidden. 2092079 - Error message stays even when problematic field is dismissed 2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO 2092228 - Ensure Machine Type for new VMs is 8.6 2092230 - [RFE] Add indication/mark to deprecated template 2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD" 2092337 - os is empty in VM details page 2092359 - [e2e] data-test-id includes all pvc name 2092654 - [RFE] No obvious way to delete the ssh key from the VM 2092662 - No url example for rhel and windows template 2092663 - no hyperlink for URL example in disk source "url" 2092664 - no hyperlink to the cdi uploadproxy URL 2092781 - Details card should be removed for non admins. 2092783 - Top consumers' card should be removed for non admins. 2092787 - Operators links should be removed from Getting started card 2092789 - "Learn more about Operators" link should lead to the Red Hat documentation 2092951 - ?Edit BootSource? action should have more explicit information when disabled 2093282 - Remove links to 'all-namespaces/' for non-privileged user 2093691 - Creation flow drawer left padding is broken 2093713 - Required fields in creation flow should be highlighted if empty 2093715 - Optional parameters section in creation flow is missing bottom padding 2093716 - CPU|Memory modal button should say "Restore template settings? 2093772 - Add a service in environment it reminds a pending change in boot order 2093773 - Console crashed if adding a service without serial number 2093866 - Cannot create vm from the template vm-template-example 2093867 - OS for template 'vm-template-example' should matching the version of the image 2094202 - Cloud-init username field should have hint 2094207 - Cloud-init password field should have auto-generate option 2094208 - SSH key input is missing validation 2094217 - YAML view should reflect shanges in SSH form 2094222 - "?" icon should be placed after red asterisk in required fields 2094323 - Workload profile should be editable in template details page 2094405 - adding resource on enviornment isnt showing on disks list when vm is running 2094440 - Utilization pie charts figures are not based on current data 2094451 - PVC selection in VM creation flow does not work for non-priv user 2094453 - CD Source selection in VM creation flow is missing Upload option 2094465 - Typo in Source tooltip 2094471 - Node selector modal for non-privileged user 2094481 - Tolerations modal for non-privileged user 2094486 - Add affinity rule modal 2094491 - Affinity rules modal button 2094495 - Descheduler modal has same text in two lines 2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id 2094665 - Dedicated Resources modal for non-privileged user 2094678 - Secrets and ConfigMaps can't be added to Windows VM 2094727 - Creation flow should have VM info in header row 2094807 - hardware devices dropdown has group title even with no devices in cluster 2094813 - Cloudinit password is seen in wizard 2094848 - Details card on Overview page - 'View details' link is missing 2095125 - OS is empty in the clone modal 2095129 - "undefined" appears in rootdisk line in clone modal 2095224 - affinity modal for non-privileged users 2095529 - VM migration cancelation in kebab action should have shorter name 2095530 - Column sizes in VM list view 2095532 - Node column in VM list view is visible to non-privileged user 2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime 2095570 - Details tab of VM should not have Node info for non-privileged user 2095573 - Disks created as environment or scripts should have proper label 2095953 - VNC console controls layout 2095955 - VNC console tabs 2096166 - Template "vm-template-example" is binding with namespace "default" 2096206 - Inconsistent capitalization in Template Actions 2096208 - Templates in the catalog list is not sorted 2096263 - Incorrectly displaying units for Disks size or Memory field in various places 2096333 - virtualization overview, related operators title is not aligned 2096492 - Cannot create vm from a cloned template if its boot source is edited 2096502 - "Restore template settings" should be removed from template CPU editor 2096510 - VM can be created without any disk 2096511 - Template shows "no Boot Source" and label "Source available" at the same time 2096620 - in templates list, edit boot reference kebab action opens a modal with different title 2096781 - Remove boot source provider while edit boot source reference 2096801 - vnc thumbnail in virtual machine overview should be active on page load 2096845 - Windows template's scripts tab is crashed 2097328 - virtctl guestfs shouldn't required uid = 0 2097370 - missing titles for optional parameters in wizard customization page 2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2098134 - "Workload profile" column is not showing completely in template list 2098135 - Workload is not showing correct in catalog after change the template's workload 2098282 - Javascript error when changing boot source of custom template to be an uploaded file 2099443 - No "Quick create virtualmachine" button for template 'vm-template-example' 2099533 - ConsoleQuickStart for HCO CR's VM is missing 2099535 - The cdi-uploadproxy certificate url should be opened in a new tab 2099539 - No storage option for upload while editing a disk 2099566 - Cloudinit should be replaced by cloud-init in all places 2099608 - "DynamicB" shows in vm-example disk size 2099633 - Doc links needs to be updated 2099639 - Remove user line from the ssh command section 2099802 - Details card link shouldn't be hard-coded 2100054 - Windows VM with WSL2 guest fails to migrate 2100284 - Virtualization overview is crashed 2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101485 - Cloudinit should be replaced by cloud-init in all places 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer 2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2102122 - non-priv user cannot load dataSource while edit template's rootdisk 2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2102125 - vm clone modal is displaying DV size instead of PVC size 2102127 - Cannot add NIC to VM template as non-priv user 2102129 - All templates are labeling "source available" in template list page 2102131 - The number of hardware devices is not correct in vm overview tab 2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2102143 - vm clone modal is displaying DV size instead of PVC size 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102543 - Add button moved to right 2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102545 - VM filter has two "Other" checkboxes which are triggered together 2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2106175 - All pages are crashed after visit Virtualization -> Overview 2106258 - All pages are crashed after visit Virtualization -> Overview 2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions 2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111562 - kubevirt plugin console crashed after visit vmi page 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    Expat is a C library for parsing XML documents. Bugs fixed (https://bugzilla.redhat.com/):

    2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString()

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "167853"
          },
          {
            "db": "PACKETSTORM",
            "id": "167838"
          },
          {
            "db": "PACKETSTORM",
            "id": "168228"
          },
          {
            "db": "PACKETSTORM",
            "id": "168392"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167648"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-25313",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-25313",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-415280",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-25313",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25313",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-25313",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415280",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity update:\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\nBug fixes:\n\n* Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n(BZ# 2087686)\n\n* policy controller addons are Progressing status (unhealthy from backend)\non OCP3.11 in ARM hub (BZ# 2088270)\n\n* RHACM 2.5.1 images (BZ# 2090802)\n\n* Broken link to Submariner manual install instructions (BZ# 2095333)\n\n* `The backend service is unavailable` when accessing ACM 2.5 Overview page\n(BZ# 2096389)\n\n* 64 character length causing clusters to unsubscribe (BZ# 2101453)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2087686 - Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n2088270 - policy controller addons are Progressing status (unhealthy from backend)  on OCP3.11 in ARM hub\n2090802 - RHACM 2.5.1 images\n2095333 - Broken link to Submariner manual install instructions\n2096389 - `The backend service is unavailable` when accessing ACM 2.5 Overview page\n2101453 - 64 character length causing clusters to unsubscribe\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: ACS 3.71 enhancement and security update\nAdvisory ID:       RHSA-2022:5704-01\nProduct:           RHACS\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5704\nIssue date:        2022-07-25\nCVE Names:         CVE-2021-40528 CVE-2022-1621 CVE-2022-1629\n                   CVE-2022-22576 CVE-2022-25313 CVE-2022-25314\n                   CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n                   CVE-2022-29173 CVE-2022-29824\n====================================================================\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes bug fixes and feature improvements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRelease of ACS 3.71 provides these changes:\n\nSecurity Fix(es):\n\n* go-tuf: No protection against rollback attacks for roles other than root\n(CVE-2022-29173)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nNew Features:\n\n* New RHACS dashboard and widgets\n* New default policy for privilege escalation: detects if a deployment is\nrunning with a container that has allowPrivilegeEscalation set to true. \nThis policy is enabled by default. The privilege escalation setting is\nenabled in Kubernetes pods by default. \n* New default policy for externally exposed service: detects if a\ndeployment has any service that is externally exposed through any methods. \nThe policy is disabled by default. \n* Ability to assign multiple RHACS roles to users and groups: Allows you to\nassign multiple roles using key-value pairs to a single user or group. \n* List of network policies in Deployment tab for violations: A new\ninformation section has been added to help resolve a \"missing Kubernetes\nnetwork policy\" violation that lists all the Kubernetes network policies\napplicable to the namespace of the offending deployment. \n* Alpine 3.16 support for Scanner\n\nEnhancements:\n* Change to roxctl image scan behavior: The default value for the\n- --include-snoozed option of the roxctl image scan command is set to false. \nIf the --include-snoozed option is set to false, the scan does not include\nsnoozed CVEs. \n* Diagnostic bundles update: These now include notifiers, auth providers\nand auth provider groups, access control roles with attached permission set\nand access scope, and system configuration information. Users with the\nDebugLogs permission can read listed entities from a generated diagnostic\nbundle regardless of their respective permissions. \n* Align OCP4-CIS scanning benchmarks control numbers: The CIS control\nnumber has been added to compliance scan results to enable customers to\nreference the original control from the CIS benchmark standard. \n\nNotable technical changes:\n* eBPF is now the default collection method: Updated the default collection\nmethod for Collector to eBPF. \n\nDeprecated features:\n\n* RenamePolicyCategory and DeletePolicyCategory API endpoints\n* Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User,\nIndicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken,\nBackupPlugins, ImageIntegration, Notifier, SignatureIntegration,\nImageComponent\n* Retrieving groups by property\n* vulns fields of storage.Node object in response payload of v1/nodes\n* /v1/cves/suppress and /v1/cves/unsuppress\n\nRemoved features:\n\n* Anchore, Tenable, and Docker Trusted Registry integrations\n* External authorization plug-in for scoped access control\n* FROM option in the Disallowed Dockerfile line policy field\n* PodSecurityPolicy (PSP) Kubernetes objects\n\n3. Solution:\n\nTo take advantage of the new features, bug fixes, and enhancements in RHACS\n3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to\napply this update, which includes the changes described in this advisory,\nrefer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nROX-11898 - Release RHACS 3.71.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-29173\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR\nV/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF\n08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c\nmlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc\nF9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ\niu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P\n6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD\nwEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u\nXS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe\n3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP\n2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ\n+tIPRnmepo8=I5j4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig\nOADP-154 - Ensure support for backing up resources based on different label selectors\nOADP-194 - Remove the registry dependency from OADP\nOADP-199 - Enable support for restore of existing resources\nOADP-224 - Restore silently ignore resources if they exist - restore log not updated\nOADP-225 - Restore doesn\u0027t update velero.io/backup-name when a resource is updated\nOADP-234 - Implementation of incremental restore\nOADP-324 - Add label to Expired backups failing garbage collection\nOADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases\nOADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it\u0027s unable to find the zone\nOADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete\nOADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot\nOADP-528 - The volumesnapshotcontent is not removed for the synced backup\nOADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10\nOADP-538 - typo on noDefaultBackupLocation error on DPA CR\nOADP-552 - Validate OADP with 4.11 and Pod Security Admissions\nOADP-558 - Empty Failed Backup CRs can\u0027t be removed\nOADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version\nOADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly\nOADP-592 - OADP must-gather add support for insecure tls\nOADP-597 - BSL validation logs\nOADP-598 - Data mover performance on backup blocks backup process\nOADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl\nOADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled\nOADP-602 - Support GCP for openshift-velero-plugin registry\nOADP-605 - [OCP 4.11] CSI restore fails with admission webhook \\\"volumesnapshotclasses.snapshot.storage.k8s.io\\\" denied\nOADP-607 - DataMover: VSB is stuck on SnapshotBackupDone\nOADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace\nOADP-613 - DataMover: upstream documentation refers wrong CRs\nOADP-637 - Restic backup fails with CA certificate\nOADP-643 - [Data Mover] VSB and VSR names are not unique\nOADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable\nOADP-648 - Remove default limits for velero and restic pods\nOADP-652 - Data mover VolSync pod errors with Noobaa\nOADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace\nOADP-660 - Data mover restic secret does not support Azure\nOADP-698 - DataMover: volume-snapshot-mover pod points to upstream image\nOADP-715 - Restic restore fails: restic-wait container continuously fails with \"Not found: /restores/\u003cpod-volume\u003e/.velero/\u003crestore-UID\u003e\"\nOADP-716 - Incremental restore: second restore of a namespace partially fails\nOADP-736 - Data mover VSB always fails with volsync 0.5\n\n6. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u2. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N\nZ0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E\nD3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK\nF50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9\n/+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8\npBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX\nOlq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv\nTCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff\nJvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV\ntL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau\nmxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E=\n=MVQQ\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5320-1\nMarch 10, 2022\n\nexpat vulnerabilities and regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues and a regression were fixed in Expat. For CVE-2022-25236 it\ncaused a regression and an additional patch was required. This update address\nthis regression and several other vulnerabilities. \n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-25313)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash\nor execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash or execute\narbitrary code. (CVE-2022-25315)\n\nOriginal advisory details:\n\n It was discovered that Expat incorrectly handled certain files. \n An attacker could possibly use this issue to cause a crash or\n execute arbitrary code. (CVE-2022-25236)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n  libexpat1                       2.4.1-2ubuntu0.3\n\nUbuntu 20.04 LTS:\n  libexpat1                       2.2.9-1ubuntu0.4\n\nUbuntu 18.04 LTS:\n  libexpat1                       2.2.5-3ubuntu0.7\n\nUbuntu 16.04 ESM:\n  lib64expat1                     2.1.0-7ubuntu0.16.04.5+esm5\n  libexpat1                       2.1.0-7ubuntu0.16.04.5+esm5\n\nUbuntu 14.04 ESM:\n  lib64expat1                     2.1.0-4ubuntu1.4+esm6\n  libexpat1                       2.1.0-4ubuntu1.4+esm6\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 4.11.0\nimages:\n\nRHEL-8-CNV-4.11\n==============hostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937609 - VM cannot be restarted\n1945593 - Live migration should be blocked for VMs with host devices\n1968514 - [RFE] Add cancel migration action to virtctl\n1993109 - CNV MacOS Client not signed\n1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side\n2001385 - no \"name\" label in virt-operator pod\n2009793 - KBase to clarify nested support status is missing\n2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate\n2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)\n2025401 - [TEST ONLY]  [CNV+OCS/ODF]  Virtualization poison pill implemenation\n2026357 - Migration in sequence can be reported as failed even when it succeeded\n2029349 - cluster-network-addons-operator does not serve metrics through HTTPS\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2031857 - Add annotation for URL to download the image\n2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2035344 - kubemacpool-mac-controller-manager not ready\n2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered\n2039976 - Pod stuck in \"Terminating\" state when removing VM with kernel boot and container disks\n2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI\n2041467 - [SSP] Support custom DataImportCron creating in custom namespaces\n2042402 - LiveMigration with postcopy misbehave when failure occurs\n2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists\n2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?\n2051899 - 4.11.0 containers\n2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn\u0027t configure ip nat rules\n2052466 - Event does not include reason for inability to live migrate\n2052689 - Overhead Memory consumption calculations are incorrect\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056467 - virt-template-validator pods getting scheduled on the same node\n2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long\n2057310 - qemu-guest-agent does not report information due to selinux denials\n2058149 - cluster-network-addons-operator deployment\u0027s MULTUS_IMAGE is pointing to brew image\n2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state\n2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool\n2060585 - [SNO] Failed to find the virt-controller leader pod\n2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. \n2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource\n2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace\n2063792 - No DataImportCron for CentOS 7\n2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2064936 - Migration of vm from VMware reports pvc not large enough\n2065014 - Feature Highlights in CNV 4.10 contains links to 4.7\n2065019 - \"Running VMs per template\" in the new overview tab counts VMs that are not running\n2066768 - [CNV-4.11-HCO] User Cannot List Resource \"namespaces\" in API group\n2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom\n2069287 - Two annotations for VM Template provider name\n2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2070864 - non-privileged user cannot see catalog tiles\n2071488 - \"Migrate Node to Node\" is confusing. \n2071549 - [rhel-9] unable to create a non-root virt-launcher based VM\n2071611 - Metrics documentation generators are missing metrics/recording rules\n2071921 - Kubevirt RPM is not being built\n2073669 - [rhel-9] VM fails to start\n2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream\n2073982 - [CNV-4.11-RHEL9] \u0027virtctl\u0027 binary fails with \u0027rc1\u0027 with \u0027virtctl version\u0027 command\n2074337 - VM created from registry cannot be started\n2075200 - VLAN filtering cannot be configured with Intel X710\n2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff\n2076292 - Upgrade from 4.10.1-\u003e4.11 using nightly channel, is not completing with error \"could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR\"\n2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file\n2076790 - Alert SSPDown is constantly in Firing state\n2076908 - clicking on a template in the Running VMs per Template card leads to 404\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2078700 - Windows template boot source should be blank\n2078703 - [RFE] Please hide the user defined password when customizing cloud-init\n2078709 - VM conditions column have wrong key/values\n2078728 - Common template rootDisk is not named correctly\n2079366 - rootdisk is not able to edit\n2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM\n2079783 - Actions are broken in topology view\n2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck\n2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod\n2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop\n2080833 - Missing cloud init script editor in the scripts tab\n2080835 - SSH key is set using cloud init script instead of new api\n2081182 - VM SSH command generated by UI points at api VIP\n2081202 - cloud-init for Windows VM generated with corrupted \"undefined\" section\n2081409 - when viewing a common template details page, user need to see the message \"can\u0027t edit common template\" on all tabs\n2081671 - SSH service created outside the UI is not discoverable\n2081831 - [RFE] Improve disk hotplug UX\n2082008 - LiveMigration fails due to loss of connection to destination host\n2082164 - Migration progress timeout expects absolute progress\n2082912 - [CNV-4.11] HCO Being Unable to Reconcile State\n2083093 - VM overview tab is crashed\n2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?\n2083100 - Something keeps loading in the ?node selector? modal\n2083101 - ?Restore default settings? never become available while editing CPU/Memory\n2083135 - VM fails to schedule with vTPM in spec\n2083256 - SSP Reconcile logging improvement when CR resources are changed\n2083595 - [RFE] Disable VM descheduler if the VM is not live migratable\n2084102 - [e2e] Many elements are lacking proper selector like \u0027data-test-id\u0027 or \u0027data-test\u0027\n2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails\n2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field\n2084431 - User credentials for ssh is not in correct format\n2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. \n2084532 - Console is crashed while detaching disk\n2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)\n2085320 - Tolerations rules is not adding correctly\n2085322 - Not able to stop/restart VM if the VM is staying in \"Starting\"\n2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode\n2086278 - Cloud init script edit add \" hostname=\u0027\u0027 \" when is should not be added\n2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode\n2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode\n2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode\n2086294 - [dark mode] Can\u0027t see the number inside the donut chart in VMs per template card\n2086303 - non-priv user can\u0027t create VM when namespace is not selected\n2086479 - some modals use ?Save? and some modals use ?Submit?\n2086486 - cluster overview getting started card include old information\n2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend\n2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard\n2086803 - When clonnig a template we need to update vm labels and annotaions to match new template\n2086825 - VM restore PVC uses exact source PVC request size\n2086849 - Create from YAML example is not runnable\n2087188 - When VM is stopped - adding disk failed to show\n2087189 - When VM is stopped - adding disk failed to show\n2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2087546 - \"Quick Starts\" is missing in Getting started card\n2087547 - Activity and Status card are missing in Virtualization Overview\n2087559 - template in \"VMs per template\" should take user to vm list page\n2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists\n2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?\n2087577 - \"VMs per template\" load time is a bit long\n2087578 - Terminology \"VM\" should be \"Virtual Machine\" in all places\n2087582 - Remove VMI and MTV from the navigation\n2087583 - [RFE] Show more info about boot source in template list\n2087584 - Template provider should not be mandatory\n2087587 - Improve the descriptive text in the kebab menu of template\n2087589 - Red icons shows in storage disk source selection without a good reason\n2087590 - [REF] \"Upload a new file to a PVC\" should not open the form in a new tab\n2087593 - \"Boot method\" is not a good name in overview tab\n2087603 - Align details card for single VM overview with the design doc\n2087616 - align the utilization card of single VM overview with the design\n2087701 - [RFE] Missing a link to VMI from running VM details page\n2087717 - Message when editing template boot source is wrong\n2088034 - Virtualization Overview crashes when a VirtualMachine has no labels\n2088355 - disk modal shows all storage classes as default\n2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2088379 - Create VM from catalog does not respect the storageclass of the template\u0027s boot source\n2088407 - Missing create button in the template list\n2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context\n2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11\n2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error\n2088849 - \"dataimportcrontemplate.kubevirt.io/enable\" field does not do any validation\n2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco\n2089271 - Virtualization appears twice in sidebar\n2089327 - add network modal crash when no networks available\n2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page\n2089477 - [RFE] Allow upload source when adding VM disk\n2089700 - Drive column in Disks card of Overview page has duplicated values\n2089745 - When removing all disks from customize wizard app crashes\n2089789 - Add windows drivers disk is missing when template is not windows\n2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user\n2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages\n2089840 - Cant create snapshot if VM is without disks\n2089877 - Utilization card on single VM overview - timespan menu lacks 5min option\n2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update\n2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics\n2089954 - Details card on single VM overview - VNC console has grey padding\n2089963 - Details card on single VM overview - Operating system info is not available\n2089967 - Network Interfaces card on single VM overview - name tooltip lacks info\n2089970 - Network Interfaces card on single VM overview - IP tooltip\n2089972 - Disks card on single VM overview -typo\n2089979 - Single VM Details - CPU|Memory edit icon misplaced\n2089982 - Single VM Details - SSH modal has redundant VM name\n2090035 - Alert card is missing in single VM overview\n2090036 - OS should be \"Operating system\" and host should be \"hostname\" in single vm overview\n2090037 - Add template link in single vm overview details card\n2090038 - The update field under the version in overview should be consistent with the operator page\n2090042 - Move the edit button close to the text for \"boot order\" and \"ssh access\"\n2090043 - \"No resource selected\" in vm boot order\n2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page\n2090048 - \"Boot mode\" should be editable while VM is running\n2090054 - Services ?kubernetes\" and \"openshift\" should not be listing in vm details\n2090055 - Add link to vm template in vm details page\n2090056 - \"Something went wrong\" shows on VM \"Environment\" tab\n2090057 - \"?\" icon is too big in environment and disk tab\n2090059 - Failed to add configmap in environment tab due to validate error\n2090064 - Miss \"remote desktop\" in console dropdown list for windows VM\n2090066 - [RFE] Improve guest login credentials\n2090068 - Make the \"name\" and \"Source\" column wider in vm disk tab\n2090131 - Key\u0027s value in \"add affinity rule\" modal is too small\n2090350 - memory leak in virt-launcher process\n2091003 - SSH service is not deleted along the VM\n2091058 - After VM gets deleted, the user is redirected to a page with a different namespace\n2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. \n2091406 - wrong template namespace label when creating a vm with wizard\n2091754 - Scheduling and scripts tab should be editable while the VM is running\n2091755 - Change bottom \"Save\" to \"Apply\" on cloud-init script form\n2091756 - The root disk of cloned template should be editable\n2091758 - \"OS\" should be \"Operating system\" in template filter\n2091760 - The provider should be empty if it\u0027s not set during cloning\n2091761 - Miss \"Edit labels\" and \"Edit annotations\" in template kebab button\n2091762 - Move notification above the tabs in template details page\n2091764 - Clone a template should lead to the template details\n2091765 - \"Edit bootsource\" is keeping in load in template actions dropdown\n2091766 - \"Are you sure you want to leave this page?\" pops up when click the \"Templates\" link\n2091853 - On Snapshot tab of single VM \"Restore\" button should move to the kebab actions together with the Delete\n2091863 - BootSource edit modal should list affected templates\n2091868 - Catalog list view has two columns named \"BootSource\"\n2091889 - Devices should be editable for customize template\n2091897 - username is missing in the generated ssh command\n2091904 - VM is not started if adding \"Authorized SSH Key\" during vm creation\n2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root\n2091940 - SSH is not enabled in vm details after restart the VM\n2091945 - delete a template should lead to templates list\n2091946 - Add disk modal shows wrong units\n2091982 - Got a lot of \"Reconciler error\" in cdi-deployment log after adding custom DataImportCron to hco\n2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank\n2092052 - Virtualization should be omitted in Calatog breadcrumbs\n2092071 - Getting started card in Virtualization overview can not be hidden. \n2092079 - Error message stays even when problematic field is dismissed\n2092158 - PrometheusRule  kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO\n2092228 - Ensure Machine Type for new VMs is 8.6\n2092230 - [RFE] Add indication/mark to deprecated template\n2092306 - VM is stucking with WaitingForVolumeBinding if creating via \"Boot from CD\"\n2092337 - os is empty in VM details page\n2092359 - [e2e] data-test-id includes all pvc name\n2092654 - [RFE] No obvious way to delete the ssh key from the VM\n2092662 - No url example for rhel and windows template\n2092663 - no hyperlink for URL example in disk source \"url\"\n2092664 - no hyperlink to the cdi uploadproxy URL\n2092781 - Details card should be removed for non admins. \n2092783 - Top consumers\u0027 card should be removed for non admins. \n2092787 - Operators links should be removed from Getting started card\n2092789 - \"Learn more about Operators\" link should lead to the Red Hat documentation\n2092951 - ?Edit BootSource? action should have more explicit information when disabled\n2093282 - Remove links to \u0027all-namespaces/\u0027 for non-privileged user\n2093691 - Creation flow drawer left padding is broken\n2093713 - Required fields in creation flow should be highlighted if empty\n2093715 - Optional parameters section in creation flow is missing bottom padding\n2093716 - CPU|Memory modal button should say \"Restore template settings?\n2093772 - Add a service in environment it reminds a pending change in boot order\n2093773 - Console crashed if adding a service without serial number\n2093866 - Cannot create vm from the template `vm-template-example`\n2093867 - OS for template \u0027vm-template-example\u0027 should matching the version of the image\n2094202 - Cloud-init username field should have hint\n2094207 - Cloud-init password field should have auto-generate option\n2094208 - SSH key input is missing validation\n2094217 - YAML view should reflect shanges in SSH form\n2094222 - \"?\" icon should be placed after red asterisk in required fields\n2094323 - Workload profile should be editable in template details page\n2094405 - adding resource on enviornment isnt showing on disks list when vm is running\n2094440 - Utilization pie charts figures are not based on current data\n2094451 - PVC selection in VM creation flow does not work for non-priv user\n2094453 - CD Source selection in VM creation flow is missing Upload option\n2094465 - Typo in Source tooltip\n2094471 - Node selector modal for non-privileged user\n2094481 - Tolerations modal for non-privileged user\n2094486 - Add affinity rule modal\n2094491 - Affinity rules modal button\n2094495 - Descheduler modal has same text in two lines\n2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id\n2094665 - Dedicated Resources modal for non-privileged user\n2094678 - Secrets and ConfigMaps can\u0027t be added to Windows VM\n2094727 - Creation flow should have VM info in header row\n2094807 - hardware devices dropdown has group title even with no devices in cluster\n2094813 - Cloudinit password is seen in wizard\n2094848 - Details card on Overview page - \u0027View details\u0027 link is missing\n2095125 - OS is empty in the clone modal\n2095129 - \"undefined\" appears in rootdisk line in clone modal\n2095224 - affinity modal for non-privileged users\n2095529 - VM migration cancelation in kebab action should have shorter name\n2095530 - Column sizes in VM list view\n2095532 - Node column in VM list view is visible to non-privileged user\n2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime\n2095570 - Details tab of VM should not have Node info for non-privileged user\n2095573 - Disks created as environment or scripts should have proper label\n2095953 - VNC console controls layout\n2095955 - VNC console tabs\n2096166 - Template \"vm-template-example\" is binding with namespace \"default\"\n2096206 - Inconsistent capitalization in Template Actions\n2096208 - Templates in the catalog list is not sorted\n2096263 - Incorrectly displaying units for Disks size or Memory field in various places\n2096333 - virtualization overview, related operators title is not aligned\n2096492 - Cannot create vm from a cloned template if its boot source is edited\n2096502 - \"Restore template settings\" should be removed from template CPU editor\n2096510 - VM can be created without any disk\n2096511 - Template shows \"no Boot Source\" and label \"Source available\" at the same time\n2096620 - in templates list, edit boot reference kebab action opens a modal with different title\n2096781 - Remove boot source provider while edit boot source reference\n2096801 - vnc thumbnail in virtual machine overview should be active on page load\n2096845 - Windows template\u0027s scripts tab is crashed\n2097328 - virtctl guestfs shouldn\u0027t required uid = 0\n2097370 - missing titles for optional parameters in wizard customization page\n2097465 - Count is not updating for \u0027prometheusrule\u0027 component when metrics kubevirt_hco_out_of_band_modifications_count executed\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2098134 - \"Workload profile\" column is not showing completely in template list\n2098135 - Workload is not showing correct in catalog after change the template\u0027s workload\n2098282 - Javascript error when changing boot source of custom template to be an uploaded file\n2099443 - No \"Quick create virtualmachine\" button for template \u0027vm-template-example\u0027\n2099533 - ConsoleQuickStart for HCO CR\u0027s VM is missing\n2099535 - The cdi-uploadproxy certificate url should be opened in a new tab\n2099539 - No storage option for upload while editing a disk\n2099566 - Cloudinit should be replaced by cloud-init in all places\n2099608 - \"DynamicB\" shows in vm-example disk size\n2099633 - Doc links needs to be updated\n2099639 - Remove user line from the ssh command section\n2099802 - Details card link shouldn\u0027t be hard-coded\n2100054 - Windows VM with WSL2 guest fails to migrate\n2100284 - Virtualization overview is crashed\n2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101485 - Cloudinit should be replaced by cloud-init in all places\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer\n2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2102122 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2102124 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102127 - Cannot add NIC to VM template as non-priv user\n2102129 - All templates are labeling \"source available\" in template list page\n2102131 - The number of hardware devices is not correct in vm overview tab\n2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2102143 - vm clone modal is displaying DV size instead of PVC size\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102543 - Add button moved to right\n2102544 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102545 - VM filter has two \"Other\" checkboxes which are triggered together\n2104617 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106258 - All pages are crashed after visit Virtualization -\u003e Overview\n2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions\n2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111562 - kubevirt plugin console crashed after visit vmi page\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key\n2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key\n2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key\n2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. Bugs fixed (https://bugzilla.redhat.com/):\n\n2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing\n2056354 - CVE-2022-25314 expat: integer overflow in copyString()\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          },
          {
            "db": "PACKETSTORM",
            "id": "167853"
          },
          {
            "db": "PACKETSTORM",
            "id": "167838"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "168228"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166254"
          },
          {
            "db": "PACKETSTORM",
            "id": "168392"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167648"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25313",
            "trust": 2.0
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/02/19/1",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167648",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "167838",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166254",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "167853",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168228",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "167845",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168022",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168265",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167671",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168054",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167985",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167984",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167778",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168351",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18354",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-415280",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168392",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168352",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          },
          {
            "db": "PACKETSTORM",
            "id": "167853"
          },
          {
            "db": "PACKETSTORM",
            "id": "167838"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "168228"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166254"
          },
          {
            "db": "PACKETSTORM",
            "id": "168392"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167648"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          }
        ]
      },
      "id": "VAR-202202-0163",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T23:19:11.648000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-674",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/558"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1621"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1629"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3634"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21698"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-4189"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3737"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-25219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3695"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28735"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5531"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3695"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3697"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27666"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3697"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5704"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29173"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29173"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6290"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26691"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28327"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.7"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5320-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.4"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1963903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38185"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43527"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4115"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8559"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20095"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0686"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23337"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0639"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6429"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0512"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28493"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1650"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5314"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415280"
          },
          {
            "db": "PACKETSTORM",
            "id": "167853"
          },
          {
            "db": "PACKETSTORM",
            "id": "167838"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "168228"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166254"
          },
          {
            "db": "PACKETSTORM",
            "id": "168392"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167648"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415280",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167853",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167838",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168228",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166254",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168392",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168352",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167648",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25313",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415280",
            "ident": null
          },
          {
            "date": "2022-07-27T17:32:40",
            "db": "PACKETSTORM",
            "id": "167853",
            "ident": null
          },
          {
            "date": "2022-07-27T17:26:20",
            "db": "PACKETSTORM",
            "id": "167838",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-09-01T16:34:06",
            "db": "PACKETSTORM",
            "id": "168228",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "date": "2022-03-10T17:14:11",
            "db": "PACKETSTORM",
            "id": "166254",
            "ident": null
          },
          {
            "date": "2022-09-15T14:20:18",
            "db": "PACKETSTORM",
            "id": "168392",
            "ident": null
          },
          {
            "date": "2022-09-13T15:42:14",
            "db": "PACKETSTORM",
            "id": "168352",
            "ident": null
          },
          {
            "date": "2022-07-01T14:57:16",
            "db": "PACKETSTORM",
            "id": "167648",
            "ident": null
          },
          {
            "date": "2022-02-18T05:15:08.130000",
            "db": "NVD",
            "id": "CVE-2022-25313",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415280",
            "ident": null
          },
          {
            "date": "2025-05-30T20:15:26.880000",
            "db": "NVD",
            "id": "CVE-2022-25313",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Red Hat Security Advisory 2022-5531-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "167853"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "arbitrary",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166254"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-202201-0370

    Vulnerability from variot - Updated: 2026-04-10 23:10

    storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C language. The vulnerability stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 .

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Summary:

    The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. This update provides security fixes, bug fixes, and updates the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

    • imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    Related bugs:

    • RHACM 2.4.3 image files (BZ #2057249)

    • Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)

    • ACM application placement fails after renaming the application name (BZ

    2033051)

    • Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)

    • Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)

    • The value of name label changed from clusterclaim name to cluster name (BZ #2042223)

    • VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

    2048500)

    • clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)

    • Application cluster status is not updated in UI after restoring (BZ

    2053279)

    • OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)

    • The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)

    • Subscriptions stop reconciling after channel secrets are recreated (BZ

    2059954)

    • Placementrule is not reconciling on a new fresh environment (BZ #2074156)

    • The cluster claimed from clusterpool cannot auto imported (BZ #2074543)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary:

    An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: xmlrpc-c-1.51.0-8.el8.src.rpm

    aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm

    ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm

    s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm

    x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm

    Red Hat CodeReady Linux Builder (v. 8):

    aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm

    ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm

    s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm

    x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-22827",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-22827",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-411553",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22827",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-22827",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22827",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22827",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22827",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-643",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411553",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C language. The vulnerability stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nExpat is a set of XML parsing libraries. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: xmlrpc-c security update\nAdvisory ID:       RHSA-2022:7692-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7692\nIssue date:        2022-11-08\nCVE Names:         CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827\n====================================================================\n1. Summary:\n\nAn update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nXML-RPC is a remote procedure call (RPC) protocol that uses XML to encode\nits calls and HTTP as a transport mechanism. The xmlrpc-c packages provide\na network protocol to allow a client program to make a simple RPC (remote\nprocedure call) over the Internet. It converts an RPC into an XML document,\nsends it to a remote server using HTTP, and gets back the response in XML. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nxmlrpc-c-1.51.0-8.el8.src.rpm\n\naarch64:\nxmlrpc-c-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-1.51.0-8.el8.i686.rpm\nxmlrpc-c-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-devel-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.i686.rpm\nxmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5\nVot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG\nLF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5\nK/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU\nJOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8\n0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd\nIlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ\nXaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI\nnv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y\nqKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7\nuOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S\nZzcPNNMPHw0=wFwS\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22827",
            "trust": 4.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0369",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2165",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070734",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04544",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411553",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          }
        ]
      },
      "id": "VAR-202201-0370",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T23:10:45.260000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SSA-484086 Hitachi Server / Client Product Security Information",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2165"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7692"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411553"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411553",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22827",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411553",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-05-05T17:35:22",
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-04-21T15:12:25",
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "date": "2022-11-08T13:52:57",
            "db": "PACKETSTORM",
            "id": "169788",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-643",
            "ident": null
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002873",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:57.363000",
            "db": "NVD",
            "id": "CVE-2022-22827",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411553",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-643",
            "ident": null
          },
          {
            "date": "2023-10-10T06:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002873",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:53.893000",
            "db": "NVD",
            "id": "CVE-2022-22827",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002873"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-643"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201207-0370

    Vulnerability from variot - Updated: 2026-04-10 22:40

    Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Description:

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

    Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2012-1148)

    A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. Solution:

    The References section of this erratum contains a download link (you must log in to download the update). ============================================================================ Ubuntu Security Notice USN-1613-1 October 17, 2012

    python2.5 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 8.04 LTS

    Summary:

    Several security issues were fixed in Python 2.5.

    Software Description: - python2.5: An interactive high-level object-oriented language (version 2.5)

    Details:

    It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)

    It was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)

    Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)

    It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)

    Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)

    It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)

    It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

    It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)

    It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. (CVE-2012-1148)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 8.04 LTS: python2.5 2.5.2-2ubuntu6.2 python2.5-minimal 2.5.2-2ubuntu6.2

    In general, a standard system update will make all the necessary changes.

    For the stable distribution (squeeze), this problem has been fixed in version 2.0.1-7+squeeze1.

    For the testing distribution (wheezy), this problem has been fixed in version 2.1.0~beta3-1.

    For the unstable distribution (sid), this problem has been fixed in version 2.1.0~beta3-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: expat security update Advisory ID: RHSA-2012:0731-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0731.html Issue date: 2012-06-13 CVE Names: CVE-2012-0876 CVE-2012-1148 =====================================================================

    1. Summary:

    Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

    The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

    1. Description:

    Expat is a C library written by James Clark for parsing XML documents.

    A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)

    A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)

    All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Solution:

    Before applying this update, make sure all previously-released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

    1. Bugs fixed (http://bugzilla.redhat.com/):

    786617 - CVE-2012-0876 expat: hash table collisions CPU usage DoS 801648 - CVE-2012-1148 expat: Memory leak in poolGrow

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 5 client):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm

    i386: expat-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm

    x86_64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.x86_64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm

    RHEL Desktop Workstation (v. 5 client):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm

    i386: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm

    x86_64: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm

    Red Hat Enterprise Linux (v. 5 server):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm

    i386: expat-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm

    ia64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.ia64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.ia64.rpm expat-devel-1.95.8-11.el5_8.ia64.rpm

    ppc: expat-1.95.8-11.el5_8.ppc.rpm expat-1.95.8-11.el5_8.ppc64.rpm expat-debuginfo-1.95.8-11.el5_8.ppc.rpm expat-debuginfo-1.95.8-11.el5_8.ppc64.rpm expat-devel-1.95.8-11.el5_8.ppc.rpm expat-devel-1.95.8-11.el5_8.ppc64.rpm

    s390x: expat-1.95.8-11.el5_8.s390.rpm expat-1.95.8-11.el5_8.s390x.rpm expat-debuginfo-1.95.8-11.el5_8.s390.rpm expat-debuginfo-1.95.8-11.el5_8.s390x.rpm expat-devel-1.95.8-11.el5_8.s390.rpm expat-devel-1.95.8-11.el5_8.s390x.rpm

    x86_64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.x86_64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm

    x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    i386: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm

    x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm

    ppc64: expat-2.0.1-11.el6_2.ppc.rpm expat-2.0.1-11.el6_2.ppc64.rpm expat-debuginfo-2.0.1-11.el6_2.ppc.rpm expat-debuginfo-2.0.1-11.el6_2.ppc64.rpm expat-devel-2.0.1-11.el6_2.ppc.rpm expat-devel-2.0.1-11.el6_2.ppc64.rpm

    s390x: expat-2.0.1-11.el6_2.s390.rpm expat-2.0.1-11.el6_2.s390x.rpm expat-debuginfo-2.0.1-11.el6_2.s390.rpm expat-debuginfo-2.0.1-11.el6_2.s390x.rpm expat-devel-2.0.1-11.el6_2.s390.rpm expat-devel-2.0.1-11.el6_2.s390x.rpm

    x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm

    i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm

    x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2012-0876.html https://www.redhat.com/security/data/cve/CVE-2012-1148.html https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFP2KEPXlSAg2UNWIIRAhWPAJ0Q22boGq3FiPI7246uE8qjdEpq3gCfRNip 1zY6/nH/4z7IxjTyIkW0Jkk= =x3IW -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

    iTunes for Windows 12.6 addresses the following:

    APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017

    iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153

    iTunes Available for: Windows 7 and later Impact: Multiple issues in expat Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300

    libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017

    WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017

    WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017

    Installation note:

    iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

    iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE-----

    . The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security.

    Security Fix(es):

    • This update fixes several flaws in OpenSSL. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

    • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

    • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

    • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

    • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

    • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

    See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Bugs fixed (https://bugzilla.redhat.com/):

    801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

    1. JIRA issues fixed (https://issues.jboss.org/):

    JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

    6

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "apple",
            "version": "10.11.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.7"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.0.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.4"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.6"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.8"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.5"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.2"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.11.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "expat",
            "version": "2.1.0"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.11"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:libexpat:expat",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:vmware:esx",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135349"
          },
          {
            "db": "PACKETSTORM",
            "id": "113606"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1148",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-1148",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-54429",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1148",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1148",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-164",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54429",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. This update provides the\ncorresponding updates for XML-RPC for C and C++. Both issues described in the\noriginal advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04,\n11.10 and 12.04 LTS. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of \ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector \n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat \nNative library. \n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2012-1148)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when \nprocessing requests using chunked encoding. A malicious client could use \nTrailer headers to set additional HTTP headers after header processing was \nperformed by other modules. This could, for example, lead to a bypass of \nheader restrictions defined with mod_headers. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). ============================================================================\nUbuntu Security Notice USN-1613-1\nOctober 17, 2012\n\npython2.5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Python 2.5. \n\nSoftware Description:\n- python2.5: An interactive high-level object-oriented language (version\n2.5)\n\nDetails:\n\nIt was discovered that Python would prepend an empty string to sys.path\nunder certain circumstances. A local attacker with write access to the\ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input\nvalidation. If a user or automatated system were tricked into opening a\ncrafted audio file, an attacker could cause a denial of service via\napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via\ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform\ninput validation on certain HTTP GET requests. A remote attacker could\npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process\nLocation headers that specify a redirection to file: URLs. A remote\nattacker could exploit this to obtain sensitive information or cause a\ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in\nthe Content-Type HTTP header. An attacker could potentially exploit this\nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7\nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when\ncreating the ~/.pypirc file. A local attacker could exploit this to obtain\nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its\ninput when handling HTTP POST requests. A remote attacker could exploit\nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values\nwithout restricting the ability to trigger hash collisions predictably. (CVE-2012-1148)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 8.04 LTS:\n  python2.5                       2.5.2-2ubuntu6.2\n  python2.5-minimal               2.5.2-2ubuntu6.2\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0~beta3-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0~beta3-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: expat security update\nAdvisory ID:       RHSA-2012:0731-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0731.html\nIssue date:        2012-06-13\nCVE Names:         CVE-2012-0876 CVE-2012-1148 \n=====================================================================\n\n1. Summary:\n\nUpdated expat packages that fix two security issues are now available for\nRed Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nExpat is a C library written by James Clark for parsing XML documents. \n\nA denial of service flaw was found in the implementation of hash arrays in\nExpat. An attacker could use this flaw to make an application using Expat\nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate\nthis issue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions. \n(CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation failure,\nExpat failed to free the previously allocated memory. This could cause the\napplication to exit unexpectedly or crash when all available memory is\nexhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n786617 - CVE-2012-0876 expat: hash table collisions CPU usage DoS\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm\n\ni386:\nexpat-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\n\nx86_64:\nexpat-1.95.8-11.el5_8.i386.rpm\nexpat-1.95.8-11.el5_8.x86_64.rpm\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm\n\ni386:\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-devel-1.95.8-11.el5_8.i386.rpm\n\nx86_64:\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.x86_64.rpm\nexpat-devel-1.95.8-11.el5_8.i386.rpm\nexpat-devel-1.95.8-11.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm\n\ni386:\nexpat-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-devel-1.95.8-11.el5_8.i386.rpm\n\nia64:\nexpat-1.95.8-11.el5_8.i386.rpm\nexpat-1.95.8-11.el5_8.ia64.rpm\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.ia64.rpm\nexpat-devel-1.95.8-11.el5_8.ia64.rpm\n\nppc:\nexpat-1.95.8-11.el5_8.ppc.rpm\nexpat-1.95.8-11.el5_8.ppc64.rpm\nexpat-debuginfo-1.95.8-11.el5_8.ppc.rpm\nexpat-debuginfo-1.95.8-11.el5_8.ppc64.rpm\nexpat-devel-1.95.8-11.el5_8.ppc.rpm\nexpat-devel-1.95.8-11.el5_8.ppc64.rpm\n\ns390x:\nexpat-1.95.8-11.el5_8.s390.rpm\nexpat-1.95.8-11.el5_8.s390x.rpm\nexpat-debuginfo-1.95.8-11.el5_8.s390.rpm\nexpat-debuginfo-1.95.8-11.el5_8.s390x.rpm\nexpat-devel-1.95.8-11.el5_8.s390.rpm\nexpat-devel-1.95.8-11.el5_8.s390x.rpm\n\nx86_64:\nexpat-1.95.8-11.el5_8.i386.rpm\nexpat-1.95.8-11.el5_8.x86_64.rpm\nexpat-debuginfo-1.95.8-11.el5_8.i386.rpm\nexpat-debuginfo-1.95.8-11.el5_8.x86_64.rpm\nexpat-devel-1.95.8-11.el5_8.i386.rpm\nexpat-devel-1.95.8-11.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\ni386:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\n\nx86_64:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-2.0.1-11.el6_2.x86_64.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\ni386:\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\n\nx86_64:\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\nx86_64:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-2.0.1-11.el6_2.x86_64.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\nx86_64:\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\ni386:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\n\nppc64:\nexpat-2.0.1-11.el6_2.ppc.rpm\nexpat-2.0.1-11.el6_2.ppc64.rpm\nexpat-debuginfo-2.0.1-11.el6_2.ppc.rpm\nexpat-debuginfo-2.0.1-11.el6_2.ppc64.rpm\nexpat-devel-2.0.1-11.el6_2.ppc.rpm\nexpat-devel-2.0.1-11.el6_2.ppc64.rpm\n\ns390x:\nexpat-2.0.1-11.el6_2.s390.rpm\nexpat-2.0.1-11.el6_2.s390x.rpm\nexpat-debuginfo-2.0.1-11.el6_2.s390.rpm\nexpat-debuginfo-2.0.1-11.el6_2.s390x.rpm\nexpat-devel-2.0.1-11.el6_2.s390.rpm\nexpat-devel-2.0.1-11.el6_2.s390x.rpm\n\nx86_64:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-2.0.1-11.el6_2.x86_64.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm\n\ni386:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\n\nx86_64:\nexpat-2.0.1-11.el6_2.i686.rpm\nexpat-2.0.1-11.el6_2.x86_64.rpm\nexpat-debuginfo-2.0.1-11.el6_2.i686.rpm\nexpat-debuginfo-2.0.1-11.el6_2.x86_64.rpm\nexpat-devel-2.0.1-11.el6_2.i686.rpm\nexpat-devel-2.0.1-11.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-0876.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1148.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFP2KEPXlSAg2UNWIIRAhWPAJ0Q22boGq3FiPI7246uE8qjdEpq3gCfRNip\n1zY6/nH/4z7IxjTyIkW0Jkk=\n=x3IW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-28-2 Additional information for\nAPPLE-SA-2017-03-22-1 iTunes for Windows 12.6\n\niTunes for Windows 12.6 addresses the following:\n\nAPNs Server\nAvailable for:  Windows 7 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A client certificate was sent in plaintext. This issue\nwas addressed through improved certificate handling. \nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical\nUniversity Munich (TUM)\nEntry added March 28, 2017\n\niTunes\nAvailable for:  Windows 7 and later\nImpact: Multiple issues in SQLite\nDescription: Multiple issues existed in SQLite. These issues were\naddressed by updating SQLite to version 3.15.2. \nCVE-2013-7443\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\nCVE-2015-3717\nCVE-2015-6607\nCVE-2016-6153\n\niTunes\nAvailable for:  Windows 7 and later\nImpact: Multiple issues in expat\nDescription: Multiple issues existed in expat. These issues were\naddressed by updating expat to version 2.2.0. \nCVE-2009-3270\nCVE-2009-3560\nCVE-2009-3720\nCVE-2012-1147\nCVE-2012-1148\nCVE-2012-6702\nCVE-2015-1283\nCVE-2016-0718\nCVE-2016-4472\nCVE-2016-5300\n\nlibxslt\nAvailable for:  Windows 7 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-5029: Holger Fuhrmannek\nEntry added March 28, 2017\n\nWebKit\nAvailable for:  Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent\u0027s Xuanwu Lab\n(tencent.com) working with Trend Micro\u0027s Zero Day Initiative\nEntry added March 28, 2017\n\nWebKit\nAvailable for:  Windows 7 and later\nImpact: Processing maliciously crafted web content may exfiltrate\ndata cross-origin\nDescription: A validation issue existed in element handling. This\nissue was addressed through improved validation. \nCVE-2017-2479: lokihardt of Google Project Zero\nCVE-2017-2480: lokihardt of Google Project Zero\nEntry added March 28, 2017\n\nInstallation note:\n\niTunes for Windows 12.6 may be obtained from:\nhttps://www.apple.com/itunes/download/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj\n/zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX\nsE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/\nYKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER\nAMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc\ndiSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp\nesMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom\ng7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+\nlJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw\niJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE\n9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo\nVkUmhXDNi0csm+QTi7ZP\n=hPjT\n-----END PGP SIGNATURE-----\n\n\n\n.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          },
          {
            "db": "PACKETSTORM",
            "id": "116389"
          },
          {
            "db": "PACKETSTORM",
            "id": "135349"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "117449"
          },
          {
            "db": "PACKETSTORM",
            "id": "115300"
          },
          {
            "db": "PACKETSTORM",
            "id": "113606"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "PACKETSTORM",
            "id": "111254"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1148",
            "trust": 3.5
          },
          {
            "db": "SECUNIA",
            "id": "51040",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "49504",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "51024",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "52379",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034344",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97526033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-54429",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116389",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "135349",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "117449",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "115300",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "113606",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141937",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111254",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          },
          {
            "db": "PACKETSTORM",
            "id": "116389"
          },
          {
            "db": "PACKETSTORM",
            "id": "135349"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "117449"
          },
          {
            "db": "PACKETSTORM",
            "id": "115300"
          },
          {
            "db": "PACKETSTORM",
            "id": "113606"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "PACKETSTORM",
            "id": "111254"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          }
        ]
      },
      "id": "VAR-201207-0370",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:40:54.885000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "title": "HT205637",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT205637"
          },
          {
            "title": "HT205637",
            "trust": 0.8,
            "url": "http://support.apple.com/ja-jp/HT205637"
          },
          {
            "title": "DSA-2525",
            "trust": 0.8,
            "url": "http://www.debian.org/security/2012/dsa-2525"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.libexpat.org/"
          },
          {
            "title": "RHSA-2012:0731",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"
          },
          {
            "title": "MDVSA-2012:041",
            "trust": 0.8,
            "url": "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:041"
          },
          {
            "title": "Multiple Resource Management Error vulnerabilities in libexpat",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities"
          },
          {
            "title": "memory leak in poolGrow - ID: 2958794",
            "trust": 0.8,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=2958794\u0026group_id=10127"
          },
          {
            "title": "expat 2.1.0",
            "trust": 0.8,
            "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
          },
          {
            "title": "Diff of /expat/lib/xmlparse.c",
            "trust": 0.8,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166\u0026r2=1.167"
          },
          {
            "title": "USN-1527-1",
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/USN-1527-1/"
          },
          {
            "title": "USN-1613-2",
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/USN-1613-2/"
          },
          {
            "title": "VMSA-2012-0016",
            "trust": 0.8,
            "url": "http://www.vmware.com/security/advisories/VMSA-2012-0016.html"
          },
          {
            "title": "expat-win32bin-2.1.0",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43625"
          },
          {
            "title": "expat-2.1.0",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43626"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0731.html"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-0062.html"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-1527-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-1613-1"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/52379"
          },
          {
            "trust": 1.7,
            "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht205637"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2012/dsa-2525"
          },
          {
            "trust": 1.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:041"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034344"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/49504"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "trust": 1.7,
            "url": "http://www.ubuntu.com/usn/usn-1613-2"
          },
          {
            "trust": 1.6,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166\u0026r2=1.167"
          },
          {
            "trust": 1.6,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=2958794\u0026group_id=10127"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1148"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97526033/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1148"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.3,
            "url": "https://gpgtools.org"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560"
          },
          {
            "trust": 0.3,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
          },
          {
            "trust": 0.3,
            "url": "https://www.apple.com/itunes/download/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2012-1148"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166\u0026amp;r2=1.167"
          },
          {
            "trust": 0.1,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026amp;atid=110127\u0026amp;aid=2958794\u0026amp;group_id=10127"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1527-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.32-0ubuntu3.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.32-0ubuntu4.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.06.27-1ubuntu7.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2013-5704"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3183"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1634"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4944"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0845"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/python2.5/2.5.2-2ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5983"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3493"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2089"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4940"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0876.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1148.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/knowledge/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2480"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2479"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2463"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4448"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-6808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4483"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3194"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5420"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4459"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4447"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-7141"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0799"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54429"
          },
          {
            "db": "PACKETSTORM",
            "id": "116389"
          },
          {
            "db": "PACKETSTORM",
            "id": "135349"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "117449"
          },
          {
            "db": "PACKETSTORM",
            "id": "115300"
          },
          {
            "db": "PACKETSTORM",
            "id": "113606"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "PACKETSTORM",
            "id": "111254"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54429",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "116389",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "135349",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "117449",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "115300",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "113606",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141937",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "111254",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1148",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54429",
            "ident": null
          },
          {
            "date": "2012-09-11T02:37:29",
            "db": "PACKETSTORM",
            "id": "116389",
            "ident": null
          },
          {
            "date": "2016-01-21T22:22:00",
            "db": "PACKETSTORM",
            "id": "135349",
            "ident": null
          },
          {
            "date": "2017-03-24T14:54:06",
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "date": "2012-10-18T06:05:25",
            "db": "PACKETSTORM",
            "id": "117449",
            "ident": null
          },
          {
            "date": "2012-08-07T06:07:17",
            "db": "PACKETSTORM",
            "id": "115300",
            "ident": null
          },
          {
            "date": "2012-06-13T22:55:47",
            "db": "PACKETSTORM",
            "id": "113606",
            "ident": null
          },
          {
            "date": "2017-03-23T16:22:29",
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "date": "2017-03-28T23:44:44",
            "db": "PACKETSTORM",
            "id": "141937",
            "ident": null
          },
          {
            "date": "2012-03-28T03:00:55",
            "db": "PACKETSTORM",
            "id": "111254",
            "ident": null
          },
          {
            "date": "2016-12-16T16:34:49",
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "date": "2012-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-164",
            "ident": null
          },
          {
            "date": "2012-07-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002979",
            "ident": null
          },
          {
            "date": "2012-07-03T19:55:02.757000",
            "db": "NVD",
            "id": "CVE-2012-1148",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54429",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-164",
            "ident": null
          },
          {
            "date": "2015-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002979",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1148",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135349"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Expat of  expat/lib/xmlparse.c Service disruption in  ( Memory consumption ) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002979"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-164"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0073

    Vulnerability from variot - Updated: 2026-04-10 22:38

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a vulnerability in Expat versions before 2.4.3. The vulnerability stems from the fact that m_groupSize in Expat's xmlparse.c does not correctly verify the data boundary when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. No detailed vulnerability details were provided at this time. Summary:

    The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es) from Bugzilla:

    • golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)

    • golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)

    • golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

    • golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610s"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610c"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h615c"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire \u0026 hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-46143",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-46143",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-411370",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-46143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-46143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-46143",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-46143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2021-46143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-46143",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-417",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411370",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-46143",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a vulnerability in Expat versions before 2.4.3. The vulnerability stems from the fact that m_groupSize in Expat\u0027s xmlparse.c does not correctly verify the data boundary when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. No detailed vulnerability details were provided at this time. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:1069-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1069\nIssue date:        2022-03-28\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-46143",
            "trust": 3.9
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021425",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072608",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070734",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2025",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0369",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04545",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411370",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "id": "VAR-202201-0073",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T22:38:57.986000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://github.com/libexpat/libexpat/issues/532"
          },
          {
            "title": "Expat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=178019"
          },
          {
            "title": "Red Hat: CVE-2021-46143",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-46143"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1603",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220121-0006/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/issues/532"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/538"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021425"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072608"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-doprolog-37270"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2025"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1069"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "date": "2022-05-05T17:35:22",
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-03-28T15:54:26",
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "date": "2023-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "date": "2022-01-06T04:15:07.017000",
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "date": "2023-10-10T05:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:28.820000",
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0050

    Vulnerability from variot - Updated: 2026-04-10 22:16

    xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#2048407)

    • Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048)

    • 8) - noarch

    • Description:

    Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.

    The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8).

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 =====================================================================

    1. Summary:

    An update for firefox is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

    This update upgrades Firefox to version 91.7.0 ESR.

    Security Fix(es):

    • Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)

    • Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • Mozilla: Use-after-free in text reflows (CVE-2022-26381)

    • Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)

    • Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)

    • Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)

    • Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)

    • Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the update, Firefox must be restarted for the changes to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm

    ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm

    s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64

    1. 8.2) - aarch64, ppc64le, s390x, x86_64

    3

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166453"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "PACKETSTORM",
            "id": "166277"
          },
          {
            "db": "PACKETSTORM",
            "id": "166276"
          },
          {
            "db": "PACKETSTORM",
            "id": "166275"
          },
          {
            "db": "PACKETSTORM",
            "id": "166274"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2022-25235",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-25235",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-415126",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-25235",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25235",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-25235",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1315",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415126",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. (BZ#2048407)\n\n* Rebase package(s) to version:\nlibvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40\nHighlights and important bug fixes: consume libvirt fix for failure to\nconnect socket to \u0027/run/libvirt/virtlogd-sock\u0027 - possibly caused by too\nmany open files from libvirtd. (BZ#2057048)\n\n4. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: firefox security and bug fix update\nAdvisory ID:       RHSA-2022:0824-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0824\nIssue date:        2022-03-10\nCVE Names:         CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 \n                   CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 \n                   CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 \n                   CVE-2022-26486 \n=====================================================================\n\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 91.7.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n(CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local\nusers (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks\ncannot be used any more (BZ#2030190)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework\n2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing\n2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode\n2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass\n2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows\n2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nppc64:\nfirefox-91.7.0-3.el7_9.ppc64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-91.7.0-3.el7_9.ppc64le.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-91.7.0-3.el7_9.s390x.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.s390x.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-26381\nhttps://access.redhat.com/security/cve/CVE-2022-26383\nhttps://access.redhat.com/security/cve/CVE-2022-26384\nhttps://access.redhat.com/security/cve/CVE-2022-26386\nhttps://access.redhat.com/security/cve/CVE-2022-26387\nhttps://access.redhat.com/security/cve/CVE-2022-26485\nhttps://access.redhat.com/security/cve/CVE-2022-26486\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz\n8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S\nPzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R\n2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf\new6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9\nSUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM\n14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93\nvs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL\nc8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky\nzEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x\nLu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+\nbKcbZLzdIk8=\n=OOuA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8.1) - ppc64le, x86_64\n\n3. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          },
          {
            "db": "PACKETSTORM",
            "id": "166453"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "PACKETSTORM",
            "id": "166277"
          },
          {
            "db": "PACKETSTORM",
            "id": "166276"
          },
          {
            "db": "PACKETSTORM",
            "id": "166275"
          },
          {
            "db": "PACKETSTORM",
            "id": "166274"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25235",
            "trust": 2.5
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/02/19/1",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166453",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166275",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167226",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166500",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166296",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166983",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166954",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166414",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166703",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166845",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166638",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0934",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1507",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0946",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1861",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1579",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0785.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1295",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1023",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2024",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1069",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2476",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022040715",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022050424",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032224",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032922",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022052423",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031020",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060122",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032005",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022109",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031428",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051320",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031108",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042629",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022411",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072607",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041272",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166277",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166276",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166261",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166274",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166293",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166505",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166298",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166291",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166300",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18356",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-415126",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          },
          {
            "db": "PACKETSTORM",
            "id": "166453"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "PACKETSTORM",
            "id": "166277"
          },
          {
            "db": "PACKETSTORM",
            "id": "166276"
          },
          {
            "db": "PACKETSTORM",
            "id": "166275"
          },
          {
            "db": "PACKETSTORM",
            "id": "166274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          }
        ]
      },
      "id": "VAR-202202-0050",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T22:16:27.762000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-116",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/562"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "trust": 1.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1295"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022040715"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2476"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032224"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166845/red-hat-security-advisory-2022-1540-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031428"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041272"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1507"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032922"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1069"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1861"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1023"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031020"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042629"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031108"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2024"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022052423"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1579"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26485"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26386"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26387"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26384"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26383"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26486"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-26381"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1053"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/2974891"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0951"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0818"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0815"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0817"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415126"
          },
          {
            "db": "PACKETSTORM",
            "id": "166453"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "PACKETSTORM",
            "id": "166277"
          },
          {
            "db": "PACKETSTORM",
            "id": "166276"
          },
          {
            "db": "PACKETSTORM",
            "id": "166275"
          },
          {
            "db": "PACKETSTORM",
            "id": "166274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415126",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166453",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166261",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166277",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166276",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166274",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25235",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415126",
            "ident": null
          },
          {
            "date": "2022-03-25T15:19:32",
            "db": "PACKETSTORM",
            "id": "166453",
            "ident": null
          },
          {
            "date": "2022-11-08T13:49:57",
            "db": "PACKETSTORM",
            "id": "169777",
            "ident": null
          },
          {
            "date": "2022-03-17T15:51:32",
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "date": "2022-03-11T16:21:19",
            "db": "PACKETSTORM",
            "id": "166261",
            "ident": null
          },
          {
            "date": "2022-03-11T16:37:50",
            "db": "PACKETSTORM",
            "id": "166277",
            "ident": null
          },
          {
            "date": "2022-03-11T16:37:42",
            "db": "PACKETSTORM",
            "id": "166276",
            "ident": null
          },
          {
            "date": "2022-03-11T16:37:32",
            "db": "PACKETSTORM",
            "id": "166275",
            "ident": null
          },
          {
            "date": "2022-03-11T16:37:24",
            "db": "PACKETSTORM",
            "id": "166274",
            "ident": null
          },
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1315",
            "ident": null
          },
          {
            "date": "2022-02-16T01:15:07.607000",
            "db": "NVD",
            "id": "CVE-2022-25235",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415126",
            "ident": null
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1315",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:00.623000",
            "db": "NVD",
            "id": "CVE-2022-25235",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat Code injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1315"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "overflow, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166453"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "PACKETSTORM",
            "id": "166277"
          },
          {
            "db": "PACKETSTORM",
            "id": "166276"
          },
          {
            "db": "PACKETSTORM",
            "id": "166275"
          },
          {
            "db": "PACKETSTORM",
            "id": "166274"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202201-0326

    Vulnerability from variot - Updated: 2026-04-10 22:03

    defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability is caused by a boundary error when defineAttribute in xmlparse.c handles untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Description:

    Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10.

    For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Summary:

    The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es) from Bugzilla:

    • golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)

    • golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)

    • golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

    • golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. This update provides security fixes, bug fixes, and updates the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

    • imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    Related bugs:

    • RHACM 2.4.3 image files (BZ #2057249)

    • Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)

    • ACM application placement fails after renaming the application name (BZ

    2033051)

    • Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)

    • Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)

    • The value of name label changed from clusterclaim name to cluster name (BZ #2042223)

    • VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

    2048500)

    • clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)

    • Application cluster status is not updated in UI after restoring (BZ

    2053279)

    • OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)

    • The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)

    • Subscriptions stop reconciling after channel secrets are recreated (BZ

    2059954)

    • Placementrule is not reconciling on a new fresh environment (BZ #2074156)

    • The cluster claimed from clusterpool cannot auto imported (BZ #2074543)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64

    3

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "167008"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-22824",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-22824",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-411550",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22824",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22824",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22824",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411550",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability is caused by a boundary error when defineAttribute in xmlparse.c handles untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nVersion 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. \n\nFor more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-41771\nhttps://access.redhat.com/security/cve/CVE-2021-41772\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21449\nhttps://access.redhat.com/security/cve/CVE-2022-21476\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nFor\ndetails\nabout\nthe\nsecurity\nissues\nsee\nthese\nCVE\npages:\n*\nhttps://access.redhat.com/security/updates/classification/#low\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index\n\n6. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:1069-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1069\nIssue date:        2022-03-28\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "167008"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22824",
            "trust": 1.9
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04541",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411550",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "167008"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          }
        ]
      },
      "id": "VAR-202201-0326",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T22:03:54.341000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41772"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41771"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1747"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21449"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21496"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21443"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1069"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0951"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411550"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "167008"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411550",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22824",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411550",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-05-10T14:49:09",
            "db": "PACKETSTORM",
            "id": "167008",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-05-05T17:35:22",
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-04-21T15:12:25",
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "date": "2022-03-28T15:54:26",
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "date": "2022-03-17T15:51:32",
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:56.567000",
            "db": "NVD",
            "id": "CVE-2022-22824",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411550",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:53.117000",
            "db": "NVD",
            "id": "CVE-2022-22824",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Gentoo Linux Security Advisory 202209-24",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168578"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "overflow, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-201401-0579

    Vulnerability from variot - Updated: 2026-04-10 21:58

    expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Expat is prone to multiple denial-of-service vulnerabilities. Successful exploits will allow attackers to consume large amounts of memory and cause a crash through specially crafted XML containing malicious attributes. Expat 2.1.0 and prior versions are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser.


    Gentoo Linux Security Advisory GLSA 201701-21


                                           https://security.gentoo.org/
    

    Severity: Normal Title: Expat: Multiple vulnerabilities Date: January 11, 2017 Bugs: #458742, #555642, #577928, #583268, #585510 ID: 201701-21


    Synopsis

    Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. This attack could also be used against automated systems that arbitrarily process XML files.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1"

    References

    [ 1 ] CVE-2012-6702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702 [ 2 ] CVE-2013-0340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340 [ 3 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 4 ] CVE-2016-0718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718 [ 5 ] CVE-2016-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472 [ 6 ] CVE-2016-5300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201701-21

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8

    watchOS 8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212819.

    Accessory Manager Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: an anonymous researcher

    AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir

    bootp Available for: Apple Watch Series 3 and later Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium) Entry added October 25, 2021

    CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab Entry added October 25, 2021

    FaceTime Available for: Apple Watch Series 3 and later Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call Description: A logic issue was addressed with improved validation. CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime Entry added October 25, 2021

    FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021

    FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021

    FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab

    Foundation Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab Entry added October 25, 2021

    ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30814: hjy79425575 Entry added October 25, 2021

    ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab

    Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab

    libexpat Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher

    Preferences Available for: Apple Watch Series 3 and later Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

    Preferences Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

    Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30884: an anonymous researcher Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30809: an anonymous researcher Entry added October 25, 2021

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero

    WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30851: Samuel Groß of Google Project Zero

    Wi-Fi Available for: Apple Watch Series 3 and later Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher

    Additional recognition

    Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

    UIKit We would like to acknowledge an anonymous researcher for their assistance.

    Installation note:

    Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

    To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

    Alternatively, on your watch, select "My Watch > General > About".

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p rhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f Zz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+ cfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR DOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs 7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI YA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG mGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu W0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ 078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j i2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe 57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw= =mdve -----END PGP SIGNATURE-----

    . Apple is aware of a report that this issue may have been actively exploited. Entry added September 20, 2021

    CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021

    Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.7.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.6.0"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.8.12"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.6.15"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.9.0"
          },
          {
            "_id": null,
            "model": "ipados",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "14.8"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.7.12"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.0"
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.9.7"
          },
          {
            "_id": null,
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "14.8"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.8.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "expat",
            "version": "2.1.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.4"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "2.1.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.8"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.5"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.6"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.2"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.7"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "2.0.0"
          },
          {
            "_id": null,
            "model": "clark expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "james",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "clark expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "james",
            "version": "2.0.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "58233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:libexpat:expat",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Apple",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164692"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164242"
          },
          {
            "db": "PACKETSTORM",
            "id": "164236"
          },
          {
            "db": "PACKETSTORM",
            "id": "164234"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2013-0340",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-0340",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-60342",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-0340",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-0340",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201303-096",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-60342",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-0340",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Expat is prone to multiple denial-of-service vulnerabilities. \nSuccessful exploits will allow attackers to consume large amounts of memory and cause a crash through specially crafted XML containing malicious attributes. \nExpat 2.1.0 and prior versions are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Expat: Multiple vulnerabilities\n     Date: January 11, 2017\n     Bugs: #458742, #555642, #577928, #583268, #585510\n       ID: 201701-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Expat, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nExpat is a set of XML parsing libraries. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat              \u003c 2.2.0-r1               \u003e= 2.2.0-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details.  This attack could also\nbe used against automated systems that arbitrarily process XML files. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/expat-2.2.0-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-6702\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702\n[ 2 ] CVE-2013-0340\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340\n[ 3 ] CVE-2015-1283\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283\n[ 4 ] CVE-2016-0718\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718\n[ 5 ] CVE-2016-4472\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472\n[ 6 ] CVE-2016-5300\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-21\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-10-26-10 Additional information for\nAPPLE-SA-2021-09-20-2 watchOS 8\n\nwatchOS 8 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212819. \n\nAccessory Manager\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2021-30837: an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to read sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30811: an anonymous researcher working with Compartir\n\nbootp\nAvailable for: Apple Watch Series 3 and later\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2021-30866: Fabien Duch\u00eane of UCLouvain (Belgium)\nEntry added October 25, 2021\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a malicious audio file may result in unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFaceTime\nAvailable for: Apple Watch Series 3 and later\nImpact: An application with microphone permission may unexpectedly\naccess microphone input during a FaceTime call\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\n\nFoundation\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2021-30814: hjy79425575\nEntry added October 25, 2021\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\n\nlibexpat\nAvailable for: Apple Watch Series 3 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved checks. \nCVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription: The issue was resolved with additional restrictions on\nCSS compositing. \nCVE-2021-30884: an anonymous researcher\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nbypass HSTS\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30823: David Gullasch of Recurity Labs\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30809: an anonymous researcher\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30849: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nWi-Fi\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2021-30810: an anonymous researcher\n\nAdditional recognition\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p\nrhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f\nZz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+\ncfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR\nDOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs\n7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI\nYA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG\nmGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu\nW0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ\n078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j\ni2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe\n57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw=\n=mdve\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may have\nbeen actively exploited. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "BID",
            "id": "58233"
          },
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          },
          {
            "db": "PACKETSTORM",
            "id": "164692"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164242"
          },
          {
            "db": "PACKETSTORM",
            "id": "164236"
          },
          {
            "db": "PACKETSTORM",
            "id": "164234"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-0340",
            "trust": 3.5
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2013/04/12/6",
            "trust": 2.6
          },
          {
            "db": "OSVDB",
            "id": "90634",
            "trust": 2.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2013/02/22/3",
            "trust": 2.1
          },
          {
            "db": "BID",
            "id": "58233",
            "trust": 2.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/10/07/4",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1028213",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164692",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164249",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3155",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2136",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6369.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3578",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5875",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092024",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052301",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164689",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164693",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-60342",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164242",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164236",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164234",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340"
          },
          {
            "db": "BID",
            "id": "58233"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          },
          {
            "db": "PACKETSTORM",
            "id": "164692"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164242"
          },
          {
            "db": "PACKETSTORM",
            "id": "164236"
          },
          {
            "db": "PACKETSTORM",
            "id": "164234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          }
        ]
      },
      "id": "VAR-201401-0579",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T21:58:06.961000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://expat.sourceforge.net/"
          },
          {
            "title": "Debian CVElist Bug Report Logs: expat: CVE-2013-0340",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ed0a8ab828c24c20ec91625d054dc98d"
          },
          {
            "title": "IBM: Security Bulletin:  IBM HTTP Server is vulnerable to  denial of service due to libexpat  (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3f59486ef7ccf0e951141215c837feab"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1027f59d4cbfc61c314d392910ac817e"
          },
          {
            "title": "IBM: Security Bulletin:  IBM HTTP Server is vulnerable to  denial of service due to libexpat  (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6567dd4ebc135fb0a5163d77870109bf"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "gost",
            "trust": 0.1,
            "url": "https://github.com/vulsio/gost "
          },
          {
            "title": "gost",
            "trust": 0.1,
            "url": "https://github.com/knqyf263/gost "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2013-0340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-611",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.osvdb.org/90634"
          },
          {
            "trust": 2.6,
            "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/58233"
          },
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/201701-21"
          },
          {
            "trust": 1.8,
            "url": "http://securitytracker.com/id?1028213"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/33"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/34"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/35"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/38"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/39"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/sep/40"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/oct/62"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/oct/63"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2021/oct/61"
          },
          {
            "trust": 1.8,
            "url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3cannounce.apache.org%3e"
          },
          {
            "trust": 1.8,
            "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3cusers.openoffice.apache.org%3e"
          },
          {
            "trust": 1.8,
            "url": "http://openwall.com/lists/oss-security/2013/02/22/3"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212804"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212805"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212807"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212814"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212815"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht212819"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/libexpat/libexpat/blob/r_2_4_1/expat/changes"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0340"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0340"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3cusers.openoffice.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010778"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3155"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6369.2"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht212815"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2136/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5875"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092024"
          },
          {
            "trust": 0.5,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
          },
          {
            "trust": 0.5,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
          },
          {
            "trust": 0.3,
            "url": "http://www.openwall.com/lists/oss-security/2013/02/22/3"
          },
          {
            "trust": 0.3,
            "url": "http://www.libexpat.org/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30854"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30837"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30810"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/kb/ht204641"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/ht212819."
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30811"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/611.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/vulsio/gost"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/knqyf263/gost"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001864"
          },
          {
            "trust": 0.1,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-is-vulnerable-to-denial-of-service-due-to-libexpat-cve-2022-43680-cve-2013-0340-cve-2017-9233/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0340"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5300"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0718"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4472"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30852"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30834"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30831"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212805."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212807."
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212815."
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-60342"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340"
          },
          {
            "db": "BID",
            "id": "58233"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          },
          {
            "db": "PACKETSTORM",
            "id": "164692"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164242"
          },
          {
            "db": "PACKETSTORM",
            "id": "164236"
          },
          {
            "db": "PACKETSTORM",
            "id": "164234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-60342",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-0340",
            "ident": null
          },
          {
            "db": "BID",
            "id": "58233",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140431",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164692",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164249",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164242",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164236",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164234",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0340",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-60342",
            "ident": null
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-0340",
            "ident": null
          },
          {
            "date": "2013-02-21T00:00:00",
            "db": "BID",
            "id": "58233",
            "ident": null
          },
          {
            "date": "2017-01-11T18:55:11",
            "db": "PACKETSTORM",
            "id": "140431",
            "ident": null
          },
          {
            "date": "2021-10-28T14:58:43",
            "db": "PACKETSTORM",
            "id": "164692",
            "ident": null
          },
          {
            "date": "2021-09-22T16:35:10",
            "db": "PACKETSTORM",
            "id": "164249",
            "ident": null
          },
          {
            "date": "2021-09-22T16:30:10",
            "db": "PACKETSTORM",
            "id": "164242",
            "ident": null
          },
          {
            "date": "2021-09-22T16:24:22",
            "db": "PACKETSTORM",
            "id": "164236",
            "ident": null
          },
          {
            "date": "2021-09-22T16:22:32",
            "db": "PACKETSTORM",
            "id": "164234",
            "ident": null
          },
          {
            "date": "2013-02-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-096",
            "ident": null
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005874",
            "ident": null
          },
          {
            "date": "2014-01-21T18:55:09.117000",
            "db": "NVD",
            "id": "CVE-2013-0340",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-60342",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-0340",
            "ident": null
          },
          {
            "date": "2013-02-21T00:00:00",
            "db": "BID",
            "id": "58233",
            "ident": null
          },
          {
            "date": "2023-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-096",
            "ident": null
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005874",
            "ident": null
          },
          {
            "date": "2025-11-25T17:15:47.723000",
            "db": "NVD",
            "id": "CVE-2013-0340",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005874"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0135

    Vulnerability from variot - Updated: 2026-04-10 21:40

    The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. The Expat library is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. From: Marc Deslauriers marc.deslauriers@canonical.com Reply-To: Ubuntu Security security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: 57683228.8060901@canonical.com Subject: [USN-3013-1] XML-RPC for C and C++ vulnerabilities

    ============================================================================ Ubuntu Security Notice USN-3013-1 June 20, 2016

    xmlrpc-c vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in XML-RPC for C and C++.

    Software Description: - xmlrpc-c: Lightweight RPC library based on XML and HTTP

    Details:

    It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)

    It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

    Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. (CVE-2016-0718)

    It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. (CVE-2015-1283, CVE-2016-4472)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 12.04 LTS: libxmlrpc-c++4 1.16.33-3.1ubuntu5.2 libxmlrpc-core-c3 1.16.33-3.1ubuntu5.2

    After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes.

    References: http://www.ubuntu.com/usn/usn-3013-1 CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300

    Package Information: https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    [slackware-security] expat (SSA:2016-359-01)

    New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/expat-2.2.0-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: Multiple integer overflows in XML_GetBuffer. Fix crash on malformed input. Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716. Use more entropy for hash initialization. Resolve troublesome internal call to srand. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.0-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.0-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.0-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.0-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.0-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.0-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.0-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.0-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.0-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.0-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.0-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.0-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.0-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.0-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: d042603604cda3dedb7a75cb049071c8 expat-2.2.0-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 4c57af80cc3ccd277a365f8053dabd9b expat-2.2.0-x86_64-1_slack13.0.txz

    Slackware 13.1 package: 649682e89895159e90c0775f056a5b2a expat-2.2.0-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: dc109e48fb07db4aa47caa912308dcee expat-2.2.0-x86_64-1_slack13.1.txz

    Slackware 13.37 package: a7893a356510073d213e08e6df41be6b expat-2.2.0-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: 31f42e6ef7be259413659497f473b499 expat-2.2.0-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 3d5ab68ef82db833aa1b890372dfa789 expat-2.2.0-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: 7ab4d2d05f4695904a4e164f6093ea38 expat-2.2.0-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 3e9c111a338efb49ed9aa85322e7dfed expat-2.2.0-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 5ec656840cad0813deeb632ef659d97b expat-2.2.0-x86_64-1_slack14.1.txz

    Slackware 14.2 package: 770d5c370a923d7f1356bc81ceaaa3e9 expat-2.2.0-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 0b44169d48b17e181cddd25c547a0258 expat-2.2.0-x86_64-1_slack14.2.txz

    Slackware -current package: bc2d54deb510e5a41845207133fc1a75 l/expat-2.2.0-i586-1.txz

    Slackware x86_64 -current package: 4bf858ad9d41159ce9fe624e47d58f21 l/expat-2.2.0-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg expat-2.2.0-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

    iEYEARECAAYFAlheyWsACgkQakRjwEAQIjMJEgCdGvDlJ8C+3ltr5itn+JG14cHF +LcAn28/PMS2G+iUvonpwOfWNoXPihFO =obXI -----END PGP SIGNATURE----- . Updated to the latest 2.7.x release. These issues were addressed by updating SQLite to version 3.15.2. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300

    iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

    iQIcBAEBCgAGBQJY0q70AAoJEIOj74w0bLRGSkMP/juCil9jOd3GKb9rdLJ25wph AzlDmTBM+u2Gl+jLP8J/K+xomx5QVPtaKRpZWqftxeSMZAZfrCje4nAStMAb2ECc ngBsAMLpBXUAsPNDTMwVQ9I1/CdZdwQHvS65aq0Q2n8mWqpDeQwlxsK5p2+m0LhR 2D0DWirJaoRTFMLboFF76o0OwdG86EfBG6fjfL9BLFnQ/pCV2Oj93EO39likuTCj zpHOMFJZCwedvU5/NVEQHjDSRT0NNY9rxUWPw/bK9jnN1NmweX1IO2DvA+q7vki1 AOxTZRlolIzp7VCI45vPJIl553MHcgN7AcXzY90+9GSD2ZP9NMCOuCjjFp+KiUyR jE8jBRwDcDLglWFXQRy1NblA8HA6IL30ip66FSlpF9D6FARPHJgjtzpWpRUxJBja GqPbdvvOGcLbKRPVoP/twbeGmZ+lu20Ywlk1OnMXcbNdipu0G80uwoHwrwdZ2l10 VvulWUGGoPc8/BSmJXf7hWJTkjGmDoaxIqT0LR1UrKmH7J3/1YXgVoWiHGy1TTLW Irj9JvLk4/2qw6MSuqMLWR7Z2RamaLpmBl3KgP3UbHM+Kv6hBjVMQrKHX/Bgu3K8 bWnObX6misAWDGvVXIE1h77sDRS2QLZE4XakjsYM2mqAZDOriVt9nghiABlNKrHi tgiUgDAYRJS9c71scLjv =NyIV -----END PGP SIGNATURE----- .


    Gentoo Linux Security Advisory GLSA 201701-21


                                           https://security.gentoo.org/
    

    Severity: Normal Title: Expat: Multiple vulnerabilities Date: January 11, 2017 Bugs: #458742, #555642, #577928, #583268, #585510 ID: 201701-21


    Synopsis

    Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. This attack could also be used against automated systems that arbitrarily process XML files.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1"

    References

    [ 1 ] CVE-2012-6702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702 [ 2 ] CVE-2013-0340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340 [ 3 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 4 ] CVE-2016-0718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718 [ 5 ] CVE-2016-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472 [ 6 ] CVE-2016-5300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201701-21

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "google",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "google",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "google",
            "version": "4.4.4"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "15.10"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.2.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": null,
            "trust": 0.8,
            "vendor": "expat",
            "version": null
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0"
          },
          {
            "_id": null,
            "model": "iworkflow",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "big-iq cloud and orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "big-iq centralized management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "big-iq centralized management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "big-iq centralized management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.6"
          },
          {
            "_id": null,
            "model": "big-iq adc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "1.95.8"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "1.95.7"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "1.95.6"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "1.95.5"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.3.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.1.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "91159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:debian:debian_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:libexpat:expat",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Daniel Micay",
        "sources": [
          {
            "db": "BID",
            "id": "91159"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-5300",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5300",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5300",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5300",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5300",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-146",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5300",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. The Expat library is prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. From: Marc Deslauriers \u003cmarc.deslauriers@canonical.com\u003e\nReply-To: Ubuntu Security \u003csecurity@ubuntu.com\u003e\nTo: ubuntu-security-announce@lists.ubuntu.com\nMessage-ID: \u003c57683228.8060901@canonical.com\u003e\nSubject: [USN-3013-1] XML-RPC for C and C++ vulnerabilities\n\n\n\n\n============================================================================\nUbuntu Security Notice USN-3013-1\nJune 20, 2016\n\nxmlrpc-c vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in XML-RPC for C and C++. \n\nSoftware Description:\n- xmlrpc-c: Lightweight RPC library based on XML and HTTP\n\nDetails:\n\nIt was discovered that the Expat code in XML-RPC for C and C++ unexpectedly\ncalled srand in certain circumstances. This could reduce the security of\ncalling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled seeding the random number generator. A remote attacker could\npossibly use this issue to cause a denial of service. (CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled malformed XML data. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled malformed XML data. \n(CVE-2015-1283, CVE-2016-4472)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  libxmlrpc-c++4                  1.16.33-3.1ubuntu5.2\n  libxmlrpc-core-c3               1.16.33-3.1ubuntu5.2\n\nAfter a standard system upgrade you need to restart any applications linked\nagainst XML-RPC for C and C++ to effect the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-3013-1\n  CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472,\n  CVE-2016-5300\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  expat (SSA:2016-359-01)\n\nNew expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/expat-2.2.0-i586-1_slack14.2.txz:  Upgraded. \n  This update fixes bugs and security issues:\n  Multiple integer overflows in XML_GetBuffer. \n  Fix crash on malformed input. \n  Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716. \n  Use more entropy for hash initialization. \n  Resolve troublesome internal call to srand. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\nd042603604cda3dedb7a75cb049071c8  expat-2.2.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n4c57af80cc3ccd277a365f8053dabd9b  expat-2.2.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n649682e89895159e90c0775f056a5b2a  expat-2.2.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndc109e48fb07db4aa47caa912308dcee  expat-2.2.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\na7893a356510073d213e08e6df41be6b  expat-2.2.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n31f42e6ef7be259413659497f473b499  expat-2.2.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3d5ab68ef82db833aa1b890372dfa789  expat-2.2.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7ab4d2d05f4695904a4e164f6093ea38  expat-2.2.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n3e9c111a338efb49ed9aa85322e7dfed  expat-2.2.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n5ec656840cad0813deeb632ef659d97b  expat-2.2.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n770d5c370a923d7f1356bc81ceaaa3e9  expat-2.2.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n0b44169d48b17e181cddd25c547a0258  expat-2.2.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nbc2d54deb510e5a41845207133fc1a75  l/expat-2.2.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4bf858ad9d41159ce9fe624e47d58f21  l/expat-2.2.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg expat-2.2.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlheyWsACgkQakRjwEAQIjMJEgCdGvDlJ8C+3ltr5itn+JG14cHF\n+LcAn28/PMS2G+iUvonpwOfWNoXPihFO\n=obXI\n-----END PGP SIGNATURE-----\n. \n  Updated to the latest 2.7.x release. These issues were\naddressed by updating SQLite to version 3.15.2. These issues were\naddressed by updating expat to version 2.2.0. \nCVE-2009-3270\nCVE-2009-3560\nCVE-2009-3720\nCVE-2012-1147\nCVE-2012-1148\nCVE-2012-6702\nCVE-2015-1283\nCVE-2016-0718\nCVE-2016-4472\nCVE-2016-5300\n\niTunes for Windows 12.6 may be obtained from:\nhttps://www.apple.com/itunes/download/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJY0q70AAoJEIOj74w0bLRGSkMP/juCil9jOd3GKb9rdLJ25wph\nAzlDmTBM+u2Gl+jLP8J/K+xomx5QVPtaKRpZWqftxeSMZAZfrCje4nAStMAb2ECc\nngBsAMLpBXUAsPNDTMwVQ9I1/CdZdwQHvS65aq0Q2n8mWqpDeQwlxsK5p2+m0LhR\n2D0DWirJaoRTFMLboFF76o0OwdG86EfBG6fjfL9BLFnQ/pCV2Oj93EO39likuTCj\nzpHOMFJZCwedvU5/NVEQHjDSRT0NNY9rxUWPw/bK9jnN1NmweX1IO2DvA+q7vki1\nAOxTZRlolIzp7VCI45vPJIl553MHcgN7AcXzY90+9GSD2ZP9NMCOuCjjFp+KiUyR\njE8jBRwDcDLglWFXQRy1NblA8HA6IL30ip66FSlpF9D6FARPHJgjtzpWpRUxJBja\nGqPbdvvOGcLbKRPVoP/twbeGmZ+lu20Ywlk1OnMXcbNdipu0G80uwoHwrwdZ2l10\nVvulWUGGoPc8/BSmJXf7hWJTkjGmDoaxIqT0LR1UrKmH7J3/1YXgVoWiHGy1TTLW\nIrj9JvLk4/2qw6MSuqMLWR7Z2RamaLpmBl3KgP3UbHM+Kv6hBjVMQrKHX/Bgu3K8\nbWnObX6misAWDGvVXIE1h77sDRS2QLZE4XakjsYM2mqAZDOriVt9nghiABlNKrHi\ntgiUgDAYRJS9c71scLjv\n=NyIV\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Expat: Multiple vulnerabilities\n     Date: January 11, 2017\n     Bugs: #458742, #555642, #577928, #583268, #585510\n       ID: 201701-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Expat, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nExpat is a set of XML parsing libraries. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat              \u003c 2.2.0-r1               \u003e= 2.2.0-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker, by enticing a user to process a specially crafted\nXML file, could execute arbitrary code with the privileges of the\nprocess or cause a Denial of Service condition.  This attack could also\nbe used against automated systems that arbitrarily process XML files. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/expat-2.2.0-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-6702\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702\n[ 2 ] CVE-2013-0340\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340\n[ 3 ] CVE-2015-1283\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283\n[ 4 ] CVE-2016-0718\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718\n[ 5 ] CVE-2016-4472\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472\n[ 6 ] CVE-2016-5300\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-21\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "BID",
            "id": "91159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5300"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "137540"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5300",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "91159",
            "trust": 2.0
          },
          {
            "db": "TENABLE",
            "id": "TNS-2016-20",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2016/06/04/5",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2016/06/04/4",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10365",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2593",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5300",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137544",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "147507",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140431",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5300"
          },
          {
            "db": "BID",
            "id": "91159"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "137540"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          }
        ]
      },
      "id": "VAR-201606-0135",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4482951514285714
      },
      "last_update_date": "2026-04-10T21:40:47.435000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "DSA-3597",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2016/dsa-3597"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.libexpat.org/"
          },
          {
            "title": "Oracle Solaris Third Party Bulletin - July 2016",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "title": "Expat XML Fixup for resolver denial of service vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62210"
          },
          {
            "title": "Ubuntu Security Notice: expat vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3010-1"
          },
          {
            "title": "Red Hat: CVE-2016-5300",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-5300"
          },
          {
            "title": "Ubuntu Security Notice: xmlrpc-c vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3013-1"
          },
          {
            "title": "Apple: iTunes 12.6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a68da1048a006f5980c613c06ab6fbb6"
          },
          {
            "title": "Apple: iTunes 12.6 for Windows",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a2320462745411a5547ed48fe868a9a6"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=29d79db4a6421689e55b5a9ce5d2aa60"
          },
          {
            "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-20"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/91159"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-3010-1"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201701-21"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2016/06/04/5"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2016/dsa-3597"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2016/06/04/4"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10365"
          },
          {
            "trust": 1.0,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5300"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5300"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2593"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343085"
          },
          {
            "trust": 0.3,
            "url": "http://expat.sourceforge.net/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992933"
          },
          {
            "trust": 0.3,
            "url": "https://support.f5.com/kb/en-us/solutions/public/k/70/sol70938105.html?sr=59127075"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994401"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.2,
            "url": "https://gpgtools.org"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/itunes/download/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147"
          },
          {
            "trust": 0.2,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0718"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4472"
          },
          {
            "trust": 0.2,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.2,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/399.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/3010-1/"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53129"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-3013-1"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1283"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9233"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1061"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9233"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9063"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1060"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1060"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1061"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.4"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.3"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5300"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0718"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4472"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5300"
          },
          {
            "db": "BID",
            "id": "91159"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "137540"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "140431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "91159",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137544",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "147507",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140431",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5300",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-06-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5300",
            "ident": null
          },
          {
            "date": "2016-06-07T00:00:00",
            "db": "BID",
            "id": "91159",
            "ident": null
          },
          {
            "date": "2016-06-21T00:20:59",
            "db": "PACKETSTORM",
            "id": "137544",
            "ident": null
          },
          {
            "date": "2017-03-24T14:54:06",
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "date": "2016-12-25T13:15:00",
            "db": "PACKETSTORM",
            "id": "140275",
            "ident": null
          },
          {
            "date": "2018-05-05T13:13:00",
            "db": "PACKETSTORM",
            "id": "147507",
            "ident": null
          },
          {
            "date": "2016-06-21T00:20:27",
            "db": "PACKETSTORM",
            "id": "137540",
            "ident": null
          },
          {
            "date": "2017-03-23T16:22:29",
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "date": "2017-01-11T18:55:11",
            "db": "PACKETSTORM",
            "id": "140431",
            "ident": null
          },
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-146",
            "ident": null
          },
          {
            "date": "2016-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003284",
            "ident": null
          },
          {
            "date": "2016-06-16T18:59:10.547000",
            "db": "NVD",
            "id": "CVE-2016-5300",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-07-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5300",
            "ident": null
          },
          {
            "date": "2017-03-29T10:10:00",
            "db": "BID",
            "id": "91159",
            "ident": null
          },
          {
            "date": "2021-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-146",
            "ident": null
          },
          {
            "date": "2016-11-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003284",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5300",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "137540"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "Expat of  XML Service disruption in parsers  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003284"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-146"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0101

    Vulnerability from variot - Updated: 2026-03-09 23:05

    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Expat is a fast streaming XML parser written in C. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: OpenShift Container Platform 4.11.0 extras and security update Advisory ID: RHSA-2022:5070-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:5070 Issue date: 2022-08-10 CVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18874 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-24370 CVE-2020-28493 CVE-2021-3580 CVE-2021-3634 CVE-2021-3737 CVE-2021-4189 CVE-2021-20095 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-25219 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38561 CVE-2021-40528 CVE-2021-42771 CVE-2022-0778 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-1706 CVE-2022-1729 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24903 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29162 CVE-2022-29824 ==================================================================== 1. Summary:

    Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.

    This release includes a security update for Red Hat OpenShift Container Platform 4.11.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2022:5068

    Security Fix(es):

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
    • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Solution:

    For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint 2042652 - Unable to deploy hw-event-proxy operator 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047308 - Remove metrics and events for master port offsets 2055049 - No pre-caching for NFD images 2055436 - nfd-master tracking the wrong api group 2055439 - nfd-master tracking the wrong api group (operand) 2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules 2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag 2062849 - hw event proxy is not binding on ipv6 local address 2066860 - Wrong spec in NFD documentation under operand 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2067312 - PPT event source is lost when received by the consumer 2077243 - NFD os release label lost after upgrade to ocp 4.10.6 2087511 - NFD SkipRange is wrong causing OLM install problems 2089962 - Node feature Discovery operator installation failed. 2090774 - Add Readme to plugin directory 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-18874 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYvOfLtzjgjWX9erEAQh7aQ//QAKxZilehv3o6x6Iw6VhjUan4BQK62o0 wOxUKHXbDxB+QT9oHOm2w0C1K1FOGrPcDlkOw9oIK5KS8gWUyNL5r2NjZ0FH0/wu oLIXIZ94BB5cIcpiQx7LtljFjDl0dp2/NlTV5KHKtZrCkm68/e4Xh35tYJK+NL1a 9hTqoXgH07TiUYhOORKig9Sa90tDodWWLs3M6pGri8SrOwUWXz7AuN0p2hD0AKNj 2UxAWrmviYLrNzmBEg9gIjZRF7D8cog/60Wu0cWT2GlRj1oFIv0Dj3KvTvQFq2gH JEOB+eNVlShqoXF8WTuJy358hVOO3ybeCO9M+w6jXJnM4tXttPp5J0CHuxc+SrH3 YfoqG/OaAuNz0r2ZwPj+LxL9isN0JtKvGZgZJIVi//1JWk1Jc9IAJrNJukqL6Nr9 iHojxb9Exk1EGllrpashh70KBZ+uTU94SctLeXyXIENuHq0pPGym6SbQfcnN3Ntq 8eOxHaBmY5uZPfTAuNFSmT+uK1Fia+IsbCZ/6a1A5VNR2zAk4LtGV8JbM/Vzwnwi cDFaurOrKAZRq6L9v6i2/DuNKUlaqoKCF8Mp1RyONTy1cxkb34Yzm189JPsqbM02 GDIdDSqVb8vMzdVjSoMmYJ3rBsMbB6pw+B8VbhIMcYkyC/TOZ8Z1uD/tnpGtUTgf eR+IlWwr9oE=ftiF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:

    The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Bug Fix(es):

    • Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)

    • [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965)

    • MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step (BZ#2099856)

    • Correct DNS validation for destination namespace (BZ#2102231)

    • Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073)

    • Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082216 - Velero and Restic are using incorrect SCCs [OADP-BL] 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] 2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step 2102231 - Correct DNS validation for destination namespace 2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer

    1. JIRA issues fixed (https://issues.jboss.org/):

    MIG-1155 - Update to newer ansible runner image for hooks MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1 MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11


    1. Gentoo Linux Security Advisory GLSA 202209-24

                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 .

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . Description:

    Release osp-director-operator images

    Security Fix(es):

    • go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
    • go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
    • go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
    • go-getter: command injection vulnerability [Important] (CVE-2022-26945)
    • golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
    • containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)

    • Solution:

    OSP 16.2 Release - OSP Director Operator Containers tech preview

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-25314",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-25314",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-415281",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-25314",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25314",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-25314",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1606",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415281",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Expat is a fast streaming XML parser written in C. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.11.0 extras and security update\nAdvisory ID:       RHSA-2022:5070-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5070\nIssue date:        2022-08-10\nCVE Names:         CVE-2018-25032 CVE-2019-5827 CVE-2019-13750\n                   CVE-2019-13751 CVE-2019-17594 CVE-2019-17595\n                   CVE-2019-18218 CVE-2019-18874 CVE-2019-19603\n                   CVE-2019-20838 CVE-2020-13435 CVE-2020-14155\n                   CVE-2020-24370 CVE-2020-28493 CVE-2021-3580\n                   CVE-2021-3634 CVE-2021-3737 CVE-2021-4189\n                   CVE-2021-20095 CVE-2021-20231 CVE-2021-20232\n                   CVE-2021-23177 CVE-2021-25219 CVE-2021-31566\n                   CVE-2021-36084 CVE-2021-36085 CVE-2021-36086\n                   CVE-2021-36087 CVE-2021-38561 CVE-2021-40528\n                   CVE-2021-42771 CVE-2022-0778 CVE-2022-1271\n                   CVE-2022-1621 CVE-2022-1629 CVE-2022-1706\n                   CVE-2022-1729 CVE-2022-21698 CVE-2022-22576\n                   CVE-2022-23772 CVE-2022-23773 CVE-2022-23806\n                   CVE-2022-24407 CVE-2022-24675 CVE-2022-24903\n                   CVE-2022-24921 CVE-2022-25313 CVE-2022-25314\n                   CVE-2022-27191 CVE-2022-27774 CVE-2022-27776\n                   CVE-2022-27782 CVE-2022-28327 CVE-2022-29162\n                   CVE-2022-29824\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.11. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.11.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10:  nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-18874\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-28493\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20095\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-42771\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1706\nhttps://access.redhat.com/security/cve/CVE-2022-1729\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24903\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29162\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYvOfLtzjgjWX9erEAQh7aQ//QAKxZilehv3o6x6Iw6VhjUan4BQK62o0\nwOxUKHXbDxB+QT9oHOm2w0C1K1FOGrPcDlkOw9oIK5KS8gWUyNL5r2NjZ0FH0/wu\noLIXIZ94BB5cIcpiQx7LtljFjDl0dp2/NlTV5KHKtZrCkm68/e4Xh35tYJK+NL1a\n9hTqoXgH07TiUYhOORKig9Sa90tDodWWLs3M6pGri8SrOwUWXz7AuN0p2hD0AKNj\n2UxAWrmviYLrNzmBEg9gIjZRF7D8cog/60Wu0cWT2GlRj1oFIv0Dj3KvTvQFq2gH\nJEOB+eNVlShqoXF8WTuJy358hVOO3ybeCO9M+w6jXJnM4tXttPp5J0CHuxc+SrH3\nYfoqG/OaAuNz0r2ZwPj+LxL9isN0JtKvGZgZJIVi//1JWk1Jc9IAJrNJukqL6Nr9\niHojxb9Exk1EGllrpashh70KBZ+uTU94SctLeXyXIENuHq0pPGym6SbQfcnN3Ntq\n8eOxHaBmY5uZPfTAuNFSmT+uK1Fia+IsbCZ/6a1A5VNR2zAk4LtGV8JbM/Vzwnwi\ncDFaurOrKAZRq6L9v6i2/DuNKUlaqoKCF8Mp1RyONTy1cxkb34Yzm189JPsqbM02\nGDIdDSqVb8vMzdVjSoMmYJ3rBsMbB6pw+B8VbhIMcYkyC/TOZ8Z1uD/tnpGtUTgf\neR+IlWwr9oE=ftiF\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nBug Fix(es):\n\n* Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)\n\n* [MTC] Migrations gets stuck at StageBackup stage for indirect runs\n[OADP-BL] (BZ#2091965)\n\n* MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes\nattached to source projects\" step (BZ#2099856)\n\n* Correct DNS validation for destination namespace (BZ#2102231)\n\n* Deselecting all pvcs from UI still results in an attempted PVC transfer\n(BZ#2106073)\n\n3. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2082216 - Velero and Restic are using incorrect SCCs [OADP-BL]\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL]\n2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes attached to source projects\" step\n2102231 - Correct DNS validation for destination namespace\n2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-1155 - Update to newer ansible runner image for hooks\nMIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1\nMIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nExpat is a set of XML parsing libraries. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u2. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N\nZ0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E\nD3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK\nF50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9\n/+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8\npBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX\nOlq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv\nTCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff\nJvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV\ntL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau\nmxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E=\n=MVQQ\n-----END PGP SIGNATURE-----\n. Description:\n\nRelease osp-director-operator images\n\nSecurity Fix(es):\n\n* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)\n* go-getter: command injection vulnerability [Important] (CVE-2022-26945)\n* golang.org/x/crypto: empty plaintext packet causes panic [Moderate]\n(CVE-2021-43565)\n* containerd: insufficiently restricted permissions on container root and\nplugin directories [Moderate] (CVE-2021-41103)\n\n3. Solution:\n\nOSP 16.2 Release - OSP Director Operator Containers tech preview\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)\n2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)\n2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)\n2092928 - CVE-2022-26945 go-getter: command injection vulnerability\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key\n2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key\n2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key\n2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          },
          {
            "db": "PACKETSTORM",
            "id": "168036"
          },
          {
            "db": "PACKETSTORM",
            "id": "167956"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "167778"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167984"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25314",
            "trust": 2.4
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/02/19/1",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167778",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168022",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168265",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167671",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168054",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166254",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167853",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167985",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168228",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168351",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031502",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072010",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072127",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070641",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060122",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031406",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022109",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070538",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051320",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072631",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022411",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071342",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0934",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3982",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3554",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4744",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4460",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4568",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3224",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3644",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3873",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4601",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4324",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0785.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3821",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "167984",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "167845",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167648",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167838",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18353",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-415281",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168036",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167956",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168352",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          },
          {
            "db": "PACKETSTORM",
            "id": "168036"
          },
          {
            "db": "PACKETSTORM",
            "id": "167956"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "167778"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          }
        ]
      },
      "id": "VAR-202202-0101",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T23:05:37.731000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Expat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183671"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/560"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072631"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031406"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25314/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071342"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3982"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3224"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3644"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070641"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072127"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167671/red-hat-security-advisory-2022-5244-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4460"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168351/red-hat-security-advisory-2022-6430-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031502"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070538"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168054/red-hat-security-advisory-2022-6040-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3554"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3873"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168265/red-hat-security-advisory-2022-6346-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166254/ubuntu-security-notice-usn-5320-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4744"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1629"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1621"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-4189"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3634"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3737"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20095"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-42771"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-25219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28493"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5068"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29162"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1706"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18874"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5070"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1365"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27666"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41103"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:4991"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26945"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/containers"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4189"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26945"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30323"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41103"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8559"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0686"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23337"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0639"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6429"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0512"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1650"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5908"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-34169"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415281"
          },
          {
            "db": "PACKETSTORM",
            "id": "168036"
          },
          {
            "db": "PACKETSTORM",
            "id": "167956"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "167778"
          },
          {
            "db": "PACKETSTORM",
            "id": "168352"
          },
          {
            "db": "PACKETSTORM",
            "id": "167984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415281",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168036",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167956",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167778",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168352",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167984",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25314",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415281",
            "ident": null
          },
          {
            "date": "2022-08-10T15:54:58",
            "db": "PACKETSTORM",
            "id": "168036",
            "ident": null
          },
          {
            "date": "2022-08-04T14:49:41",
            "db": "PACKETSTORM",
            "id": "167956",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "date": "2022-07-21T20:26:52",
            "db": "PACKETSTORM",
            "id": "167778",
            "ident": null
          },
          {
            "date": "2022-09-13T15:42:14",
            "db": "PACKETSTORM",
            "id": "168352",
            "ident": null
          },
          {
            "date": "2022-08-05T14:51:51",
            "db": "PACKETSTORM",
            "id": "167984",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1606",
            "ident": null
          },
          {
            "date": "2022-02-18T05:15:08.187000",
            "db": "NVD",
            "id": "CVE-2022-25314",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415281",
            "ident": null
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1606",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:01.450000",
            "db": "NVD",
            "id": "CVE-2022-25314",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1606"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0114

    Vulnerability from variot - Updated: 2026-03-09 22:58

    xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Expat ( alias libexpat) Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a security vulnerability before Expat2.4.5, which can be exploited by an attacker to insert a namespace separator into a namespace URI. Summary:

    The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. This update provides security fixes, bug fixes, and updates the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

    • imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    Related bugs:

    • RHACM 2.4.3 image files (BZ #2057249)

    • Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)

    • ACM application placement fails after renaming the application name (BZ

    2033051)

    • Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)

    • Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)

    • The value of name label changed from clusterclaim name to cluster name (BZ #2042223)

    • VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

    2048500)

    • clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)

    • Application cluster status is not updated in UI after restoring (BZ

    2053279)

    • OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)

    • The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)

    • Subscriptions stop reconciling after channel secrets are recreated (BZ

    2059954)

    • Placementrule is not reconciling on a new fresh environment (BZ #2074156)

    • The cluster claimed from clusterpool cannot auto imported (BZ #2074543)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

    1. 6 ELS) - i386, s390x, x86_64

    2. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

    Bug Fix(es):

    • RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)

    • Description:

    Expat is a C library for parsing XML documents. 8) - aarch64, ppc64le, s390x, x86_64

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: thunderbird security update Advisory ID: RHSA-2022:0850-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0850 Issue date: 2022-03-14 CVE Names: CVE-2022-0566 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 =====================================================================

    1. Summary:

    An update for thunderbird is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 91.7.0.

    Security Fix(es):

    • Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)

    • Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • Mozilla: Use-after-free in text reflows (CVE-2022-26381)

    • Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)

    • Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)

    • Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)

    • thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566)

    • Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    All running instances of Thunderbird must be restarted for the update to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: thunderbird-91.7.0-2.el7_9.src.rpm

    x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    Source: thunderbird-91.7.0-2.el7_9.src.rpm

    ppc64le: thunderbird-91.7.0-2.el7_9.ppc64le.rpm thunderbird-debuginfo-91.7.0-2.el7_9.ppc64le.rpm

    x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: thunderbird-91.7.0-2.el7_9.src.rpm

    x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-0566 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYi9as9zjgjWX9erEAQi0VA/8DmqELriNmt2kTcKBgMz/PkowFKQVVLE9 Z4xLkVnFBjSYiHsyXBwFlNBJPK1ywvizchEFsj3hkv7+05xJTGLjrvyEaGquYv36 ol+Yrq5hzVATmfC9AivXQLew4+10cqBX5Hl/KoxIsLmn1k+7K0OV5PUo41WaYIYn znNLekFIYpWBe6HmqEs7eErS9TGR6t91o/4iUd2p4LgxEMmJhcZ32clA0k2sWQoC t96wqwaFdYo7SWekWEIsjLu9TjXCZ2QITzxA1gQG0ZymWuaOhpSCoaeu7O3KGy9E j9D5UhAGmWxSWiSMJ2+AP4E4t4CXJ5poE9+T3hgsevt9Lr24Cr9QK77w6/gxpLpj /zuR86oImk/FcnTBE+EY5TNgpPusbMQXZHD0OfmxRqO3TZn8n0mURRBgxkJJPpkb AJX93daJu2FQyRQBRi/WQKbBpi8VKZpmdVIP8i/ZujiKWDzYuwnij4o0/JOTnH5P agTu9G32WnAemVXUK6IlNZamM6IODof4uY7L1A1AtQkpDSzIQ5PpHbxEgtp0NqDO tTBogkwaB3Mkvme2fZ6wu2ALaaJuhnDrA332gITVz9tQ6TJL/M3Z1f0X4007yTSH uPebIvMc7O15OJL1AI7U29MitAXTDqkWoSP8ECMli7w1Ro3cBr/VNQicmkZZyJ3h A8Mb2SG3B+I= =7pc/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "_id": null,
            "model": "oracle http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166703"
          },
          {
            "db": "PACKETSTORM",
            "id": "166638"
          },
          {
            "db": "PACKETSTORM",
            "id": "166500"
          },
          {
            "db": "PACKETSTORM",
            "id": "166298"
          },
          {
            "db": "PACKETSTORM",
            "id": "166293"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2022-25236",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-25236",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-415127",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-25236",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-25236",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25236",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-25236",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-25236",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415127",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Expat ( alias libexpat) Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a security vulnerability before Expat2.4.5, which can be exploited by an attacker to insert a namespace separator into a namespace URI. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. 6 ELS) - i386, s390x, x86_64\n\n3. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand performing administrative tasks. \n\nBug Fix(es):\n\n* RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)\n\n4. Description:\n\nExpat is a C library for parsing XML documents. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: thunderbird security update\nAdvisory ID:       RHSA-2022:0850-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0850\nIssue date:        2022-03-14\nCVE Names:         CVE-2022-0566 CVE-2022-25235 CVE-2022-25236 \n                   CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 \n                   CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 \n                   CVE-2022-26485 CVE-2022-26486 \n=====================================================================\n\n1. Summary:\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. \n\nThis update upgrades Thunderbird to version 91.7.0. \n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n(CVE-2022-26387)\n\n* thunderbird: Crafted email could trigger an out-of-bounds write\n(CVE-2022-0566)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local\nusers (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework\n2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing\n2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode\n2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass\n2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows\n2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nthunderbird-91.7.0-2.el7_9.src.rpm\n\nx86_64:\nthunderbird-91.7.0-2.el7_9.x86_64.rpm\nthunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nSource:\nthunderbird-91.7.0-2.el7_9.src.rpm\n\nppc64le:\nthunderbird-91.7.0-2.el7_9.ppc64le.rpm\nthunderbird-debuginfo-91.7.0-2.el7_9.ppc64le.rpm\n\nx86_64:\nthunderbird-91.7.0-2.el7_9.x86_64.rpm\nthunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nthunderbird-91.7.0-2.el7_9.src.rpm\n\nx86_64:\nthunderbird-91.7.0-2.el7_9.x86_64.rpm\nthunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-0566\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-26381\nhttps://access.redhat.com/security/cve/CVE-2022-26383\nhttps://access.redhat.com/security/cve/CVE-2022-26384\nhttps://access.redhat.com/security/cve/CVE-2022-26386\nhttps://access.redhat.com/security/cve/CVE-2022-26387\nhttps://access.redhat.com/security/cve/CVE-2022-26485\nhttps://access.redhat.com/security/cve/CVE-2022-26486\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYi9as9zjgjWX9erEAQi0VA/8DmqELriNmt2kTcKBgMz/PkowFKQVVLE9\nZ4xLkVnFBjSYiHsyXBwFlNBJPK1ywvizchEFsj3hkv7+05xJTGLjrvyEaGquYv36\nol+Yrq5hzVATmfC9AivXQLew4+10cqBX5Hl/KoxIsLmn1k+7K0OV5PUo41WaYIYn\nznNLekFIYpWBe6HmqEs7eErS9TGR6t91o/4iUd2p4LgxEMmJhcZ32clA0k2sWQoC\nt96wqwaFdYo7SWekWEIsjLu9TjXCZ2QITzxA1gQG0ZymWuaOhpSCoaeu7O3KGy9E\nj9D5UhAGmWxSWiSMJ2+AP4E4t4CXJ5poE9+T3hgsevt9Lr24Cr9QK77w6/gxpLpj\n/zuR86oImk/FcnTBE+EY5TNgpPusbMQXZHD0OfmxRqO3TZn8n0mURRBgxkJJPpkb\nAJX93daJu2FQyRQBRi/WQKbBpi8VKZpmdVIP8i/ZujiKWDzYuwnij4o0/JOTnH5P\nagTu9G32WnAemVXUK6IlNZamM6IODof4uY7L1A1AtQkpDSzIQ5PpHbxEgtp0NqDO\ntTBogkwaB3Mkvme2fZ6wu2ALaaJuhnDrA332gITVz9tQ6TJL/M3Z1f0X4007yTSH\nuPebIvMc7O15OJL1AI7U29MitAXTDqkWoSP8ECMli7w1Ro3cBr/VNQicmkZZyJ3h\nA8Mb2SG3B+I=\n=7pc/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166703"
          },
          {
            "db": "PACKETSTORM",
            "id": "166638"
          },
          {
            "db": "PACKETSTORM",
            "id": "166500"
          },
          {
            "db": "PACKETSTORM",
            "id": "166298"
          },
          {
            "db": "PACKETSTORM",
            "id": "166293"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25236",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "167238",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/02/19/1",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166293",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166500",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166298",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166277",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167226",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166276",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166505",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166296",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166453",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166983",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166254",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166954",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166261",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166291",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166414",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166300",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166274",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18357",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-415127",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166703",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166638",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166703"
          },
          {
            "db": "PACKETSTORM",
            "id": "166638"
          },
          {
            "db": "PACKETSTORM",
            "id": "166500"
          },
          {
            "db": "PACKETSTORM",
            "id": "166298"
          },
          {
            "db": "PACKETSTORM",
            "id": "166293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          }
        ]
      },
      "id": "VAR-202202-0114",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T22:58:30.216000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.1
          },
          {
            "problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/167238/zoom-xmpp-stanza-smuggling-remote-code-execution.html"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/561"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26485"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26386"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26387"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26384"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26383"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26486"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26381"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1309"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4083"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45417"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-45417"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/2974891"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1263"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0850"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415127"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166703"
          },
          {
            "db": "PACKETSTORM",
            "id": "166638"
          },
          {
            "db": "PACKETSTORM",
            "id": "166500"
          },
          {
            "db": "PACKETSTORM",
            "id": "166298"
          },
          {
            "db": "PACKETSTORM",
            "id": "166293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415127",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166703",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166638",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166500",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166298",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166293",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25236",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415127",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-03-24T14:40:17",
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "date": "2022-04-21T15:12:25",
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "date": "2022-04-12T18:00:30",
            "db": "PACKETSTORM",
            "id": "166703",
            "ident": null
          },
          {
            "date": "2022-04-07T16:39:57",
            "db": "PACKETSTORM",
            "id": "166638",
            "ident": null
          },
          {
            "date": "2022-03-28T15:55:03",
            "db": "PACKETSTORM",
            "id": "166500",
            "ident": null
          },
          {
            "date": "2022-03-14T18:51:13",
            "db": "PACKETSTORM",
            "id": "166298",
            "ident": null
          },
          {
            "date": "2022-03-14T18:48:38",
            "db": "PACKETSTORM",
            "id": "166293",
            "ident": null
          },
          {
            "date": "2023-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003476",
            "ident": null
          },
          {
            "date": "2022-02-16T01:15:07.650000",
            "db": "NVD",
            "id": "CVE-2022-25236",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415127",
            "ident": null
          },
          {
            "date": "2023-10-10T06:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003476",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:01.050000",
            "db": "NVD",
            "id": "CVE-2022-25236",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Vulnerability in leaking resources to the wrong area in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003476"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166703"
          },
          {
            "db": "PACKETSTORM",
            "id": "166638"
          },
          {
            "db": "PACKETSTORM",
            "id": "166500"
          },
          {
            "db": "PACKETSTORM",
            "id": "166298"
          },
          {
            "db": "PACKETSTORM",
            "id": "166293"
          }
        ],
        "trust": 0.5
      }
    }

    VAR-202202-0081

    Vulnerability from variot - Updated: 2026-03-09 22:35

    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-5085-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2022 https://www.debian.org/security/faq


    Package : expat CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Debian Bug : 1005894 1005895

    Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security updates:

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    Bug fix:

    • RHACM 2.3.8 images (Bugzilla #2062316)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images

    1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically. 8) - noarch

    2. Description:

    Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.

    The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8).

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 8.2) - aarch64, ppc64le, s390x, x86_64

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 =====================================================================

    1. Summary:

    An update for firefox is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

    This update upgrades Firefox to version 91.7.0 ESR.

    Security Fix(es):

    • Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)

    • Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • Mozilla: Use-after-free in text reflows (CVE-2022-26381)

    • Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)

    • Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)

    • Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)

    • Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)

    • Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the update, Firefox must be restarted for the changes to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm

    ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm

    s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: firefox-91.7.0-3.el7_9.src.rpm

    x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: firefox-91.7.0-3.el7_9.i686.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166414"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166505"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-25315",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-25315",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-415282",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-25315",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25315",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-25315",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1615",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415282",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-25315",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5085-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nFebruary 22, 2022                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : expat\nCVE ID         : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314\n                 CVE-2022-25315\nDebian Bug     : 1005894 1005895\n\nSeveral vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary, which could result in denial of service or potentially the\nexecution of arbitrary code, if a malformed XML file is processed. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u2. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N\nZ0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E\nD3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK\nF50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9\n/+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8\npBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX\nOlq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv\nTCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff\nJvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV\ntL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau\nmxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E=\n=MVQQ\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: firefox security and bug fix update\nAdvisory ID:       RHSA-2022:0824-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0824\nIssue date:        2022-03-10\nCVE Names:         CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 \n                   CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 \n                   CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 \n                   CVE-2022-26486 \n=====================================================================\n\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 91.7.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n(CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local\nusers (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks\ncannot be used any more (BZ#2030190)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework\n2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing\n2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode\n2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass\n2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows\n2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nppc64:\nfirefox-91.7.0-3.el7_9.ppc64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-91.7.0-3.el7_9.ppc64le.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-91.7.0-3.el7_9.s390x.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.s390x.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-26381\nhttps://access.redhat.com/security/cve/CVE-2022-26383\nhttps://access.redhat.com/security/cve/CVE-2022-26384\nhttps://access.redhat.com/security/cve/CVE-2022-26386\nhttps://access.redhat.com/security/cve/CVE-2022-26387\nhttps://access.redhat.com/security/cve/CVE-2022-26485\nhttps://access.redhat.com/security/cve/CVE-2022-26486\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz\n8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S\nPzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R\n2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf\new6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9\nSUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM\n14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93\nvs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL\nc8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky\nzEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x\nLu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+\nbKcbZLzdIk8=\n=OOuA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166414"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166505"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25315",
            "trust": 2.5
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/02/19/1",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166414",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167226",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166296",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166500",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166453",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166983",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166254",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166954",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166275",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031502",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022040715",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022050424",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032224",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032922",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030855",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031020",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060122",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031406",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032005",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022109",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051320",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022411",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072607",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041272",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0934",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1507",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0946",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1579",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0785.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1295",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1023",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1069",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2476",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166703",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166638",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166505",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166261",
            "trust": 0.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18355",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166277",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166293",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166276",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166298",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166291",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166300",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166274",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-415282",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166414"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166505"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          }
        ]
      },
      "id": "VAR-202202-0081",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T22:35:30.057000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Expat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183928"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1570",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1570"
          },
          {
            "title": "Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regression",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5320-1"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-25315"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1759",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1759"
          },
          {
            "title": "Red Hat: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221053 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221068 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221309 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221070 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221012 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5085-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b32ad21c953fb4340d1a4cbd3394eb98"
          },
          {
            "title": "Red Hat: Important: mingw-expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224668 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-036",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-036"
          },
          {
            "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221739 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220816 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220824 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220818 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220817 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220815 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220850 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220847 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220853 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220845 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220843 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: RHV-H security update (redhat-virtualization-host) 4.3.22",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221263 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1779",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1779"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221622 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2022: ALAS-2022-232",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "PoC in GitHub",
            "trust": 0.1,
            "url": "https://github.com/manas3c/CVE-POC "
          },
          {
            "title": "veracode-container-security-finding-parser",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-25315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/libexpat/libexpat/pull/559"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 1.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031406"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1295"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022040715"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2476"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032224"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166254/ubuntu-security-notice-usn-5320-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041272"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1507"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032922"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1069"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1023"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25315/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031020"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031502"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030855"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1579"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/190.html"
          },
          {
            "trust": 0.1,
            "url": "https://alas.aws.amazon.com/alas-2022-1570.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5320-1"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1083"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1070"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26485"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26386"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26387"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26383"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26486"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26381"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415282"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315"
          },
          {
            "db": "PACKETSTORM",
            "id": "169228"
          },
          {
            "db": "PACKETSTORM",
            "id": "166414"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "PACKETSTORM",
            "id": "166505"
          },
          {
            "db": "PACKETSTORM",
            "id": "166261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415282",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-25315",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166414",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166505",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166261",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25315",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415282",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-25315",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169228",
            "ident": null
          },
          {
            "date": "2022-03-23T15:58:43",
            "db": "PACKETSTORM",
            "id": "166414",
            "ident": null
          },
          {
            "date": "2022-03-29T15:53:19",
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-11-08T13:49:57",
            "db": "PACKETSTORM",
            "id": "169777",
            "ident": null
          },
          {
            "date": "2022-03-28T15:55:49",
            "db": "PACKETSTORM",
            "id": "166505",
            "ident": null
          },
          {
            "date": "2022-03-11T16:21:19",
            "db": "PACKETSTORM",
            "id": "166261",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1615",
            "ident": null
          },
          {
            "date": "2022-02-18T05:15:08.237000",
            "db": "NVD",
            "id": "CVE-2022-25315",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415282",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-25315",
            "ident": null
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1615",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:01.760000",
            "db": "NVD",
            "id": "CVE-2022-25315",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1615"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0104

    Vulnerability from variot - Updated: 2026-03-09 22:28

    In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Expat ( alias libexpat) contains a computational error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Summary:

    The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es) from Bugzilla:

    • golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)

    • golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)

    • golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

    • golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. Summary:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.8 General Availability release images, which provide security and container updates. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security updates:

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    Bug fix:

    • RHACM 2.3.8 images (Bugzilla #2062316)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)

    • expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)

    • expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)

    • expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)

    • expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)

    • expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)

    • expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)

    • expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)

    • expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610s"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610c"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h615c"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire \u0026 hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2021-45960",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-45960",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-410670",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-45960",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-45960",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-45960",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-45960",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-45960",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "VULHUB",
                "id": "VHN-410670",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-45960",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-45960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Expat ( alias libexpat) contains a computational error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 General\nAvailability release images, which provide security and container updates. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:1069-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1069\nIssue date:        2022-03-28\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash\nlibexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c\n(CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat\n2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c\n2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c\n2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c\n2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c\n2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c\n2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c\n2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c\n2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-45960"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-45960",
            "trust": 3.3
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-05481",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-410670",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-45960",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-45960"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          }
        ]
      },
      "id": "VAR-202201-0104",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T22:28:24.624000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SSA-484086 Hitachi Server / Client Product Security Information",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "title": "Debian CVElist Bug Report Logs: expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by \u003e=29 bits in function storeAtts)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=23cccfe2296ab082c7121ac5a8440638"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1588",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1588"
          },
          {
            "title": "Red Hat: CVE-2021-45960",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-45960"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1788",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1788"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-45960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-682",
            "trust": 1.1
          },
          {
            "problemtype": "calculation error (CWE-682) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220121-0004/"
          },
          {
            "trust": 1.1,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/issues/531"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/534"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1083"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1069"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-410670"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-410670",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-45960",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-45960",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-410670",
            "ident": null
          },
          {
            "date": "2022-01-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-45960",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-05-05T17:35:22",
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-03-29T15:53:19",
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "date": "2022-03-28T15:54:26",
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017469",
            "ident": null
          },
          {
            "date": "2022-01-01T19:15:08.030000",
            "db": "NVD",
            "id": "CVE-2021-45960",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-410670",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-45960",
            "ident": null
          },
          {
            "date": "2023-10-10T05:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017469",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:28.457000",
            "db": "NVD",
            "id": "CVE-2021-45960",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 calculation error vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "arbitrary, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168578"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201605-0145

    Vulnerability from variot - Updated: 2026-03-09 22:19

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat are prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. There is a security hole in Expat. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update Advisory ID: RHSA-2018:2486-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2018:2486 Issue date: 2018-08-16 CVE Names: CVE-2016-0718 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9598 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2017-1000254 CVE-2017-1000257 CVE-2018-0500 ==================================================================== 1. Summary:

    Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.

    Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

    Security Fix(es):

    • expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)
    • curl: escape and unescape integer overflows (CVE-2016-7167)
    • curl: Cookie injection for other servers (CVE-2016-8615)
    • curl: Case insensitive password comparison (CVE-2016-8616)
    • curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
    • curl: Double-free in curl_maprintf (CVE-2016-8618)
    • curl: Double-free in krb5 code (CVE-2016-8619)
    • curl: curl_getdate out-of-bounds read (CVE-2016-8621)
    • curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
    • curl: Use-after-free via shared cookies (CVE-2016-8623)
    • curl: Invalid URL parsing with '#' (CVE-2016-8624)
    • curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
    • libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)
    • pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)
    • pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)
    • pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)
    • pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)
    • pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)
    • curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
    • curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
    • curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)

    Details around this issue, including information about the CVE, severity of the issue, and the CVSS score can be found on the CVE page listed in the Reference section below.

    The following packages have been upgraded to a newer upstream version: * Curl (7.57.0) * OpenSSL (1.0.2n) * Expat (2.2.5) * PCRE (8.41) * libxml2 (2.9.7)

    Acknowledgements:

    CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue. Upstream acknowledges Max Dymond as the original reporter. CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter. CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.

    1. Solution:

    The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1296102 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash 1375906 - CVE-2016-7167 curl: escape and unescape integer overflows 1388370 - CVE-2016-8615 curl: Cookie injection for other servers 1388371 - CVE-2016-8616 curl: Case insensitive password comparison 1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication 1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf 1388379 - CVE-2016-8619 curl: Double-free in krb5 code 1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read 1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation 1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies 1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#' 1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host 1408306 - CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) 1425365 - CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) 1434504 - CVE-2017-7186 pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) 1437364 - CVE-2017-7244 pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) 1437367 - CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring 1437369 - CVE-2017-7246 pcre: stack-based buffer overflow write in pcre32_copy_substring 1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read 1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read 1597101 - CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBW3WhLtzjgjWX9erEAQgw7g//Qz9zXKXcAGEiJLq910Gqgdj6IeJD7Zy1 lvB63+tVL79Rr7X1/rL8EYNoDYw7+MQJeFgWhCwGFPLJi43O3q5cDANVK8/9nUJp UV5QzGC62ncurV3U4MF8DWUcJYpi2QhvlV3O++0dVjx4ETJgBTBSGUpUeEzcYNjM 3LsNmroNWIURAyNsBzO3KgrQhWwJ3vM5e7X6Xgy44S07Kgs2yrArtcsHYjqlDzzR X3Yo8G97DurTikcIWcXs45w9rdKXNSheGRKL7Jp/mzoqCKV4RbieRM12L05MwXmi ZNTMdhJzd+aA3Kwx9JjOjSv8MJErRioUKZEisaH0VWnwTiQc4sOlIXgMuJBV+ZGo RZz0d4sQ1HkeTQKFHkt85abdEiK6OLtKpdZns0VvqqtfdaHJqitqaAfrvssc3D+R usY7sGrlm4rAyYSddWUlLgrF3KZq7PoxVqj+15NkvBisXPp6xwgSiu8aoxziIiNq 0UWQG7KvdlbmrlzNOBBe96COI3UK36AxUXMK6abPzW6VmlY6O1x2OPPgNcItOFVp /o2p3HalPrucwjfwADBGvlbc+SRUguNdnftvmAG3DO1Oon4OnRdoPerNBkY7QRRC Ke88RWnjA37kZ7bBL3Mag6rX8vIlZoy0g1563AnzvexpXiywy6fU4UNpkCHNulNH oPmWeYAK/SE=5slr -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This could reduce the security of calling applications. (CVE-2012-6702)

    It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

    Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. (CVE-2016-0718)

    It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    [slackware-security] expat (SSA:2016-359-01)

    New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/expat-2.2.0-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: Multiple integer overflows in XML_GetBuffer. Fix crash on malformed input. Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716. Use more entropy for hash initialization. Resolve troublesome internal call to srand. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.0-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.0-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.0-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.0-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.0-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.0-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.0-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.0-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.0-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.0-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.0-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.0-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.0-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.0-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: d042603604cda3dedb7a75cb049071c8 expat-2.2.0-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 4c57af80cc3ccd277a365f8053dabd9b expat-2.2.0-x86_64-1_slack13.0.txz

    Slackware 13.1 package: 649682e89895159e90c0775f056a5b2a expat-2.2.0-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: dc109e48fb07db4aa47caa912308dcee expat-2.2.0-x86_64-1_slack13.1.txz

    Slackware 13.37 package: a7893a356510073d213e08e6df41be6b expat-2.2.0-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: 31f42e6ef7be259413659497f473b499 expat-2.2.0-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 3d5ab68ef82db833aa1b890372dfa789 expat-2.2.0-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: 7ab4d2d05f4695904a4e164f6093ea38 expat-2.2.0-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 3e9c111a338efb49ed9aa85322e7dfed expat-2.2.0-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 5ec656840cad0813deeb632ef659d97b expat-2.2.0-x86_64-1_slack14.1.txz

    Slackware 14.2 package: 770d5c370a923d7f1356bc81ceaaa3e9 expat-2.2.0-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 0b44169d48b17e181cddd25c547a0258 expat-2.2.0-x86_64-1_slack14.2.txz

    Slackware -current package: bc2d54deb510e5a41845207133fc1a75 l/expat-2.2.0-i586-1.txz

    Slackware x86_64 -current package: 4bf858ad9d41159ce9fe624e47d58f21 l/expat-2.2.0-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg expat-2.2.0-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ========================================================================= Ubuntu Security Notice USN-3044-1 August 05, 2016

    firefox vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Firefox could be made to crash or run programs as your login if it opened a malicious website.

    Software Description: - firefox: Mozilla Open Source web browser

    Details:

    Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information.

    (CVE-2016-0718)

    Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the pag e is closed. A remote attacked could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830)

    Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward , Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Firefox. (CVE-2016-2835, CVE-2016-2836)

    A buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this t o cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837)

    Atte Kettunen discovered a buffer overflow when rendering SVG content in some circumstances. (CVE-2016-2838)

    Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. (CVE-2016-2839)

    Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. An attacker could potentially exploit this to obtain sensitiv e information. (CVE-2016-5250)

    Firas Salem discovered an issue with non-ASCII and emoji characters in data: URLs. An attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-5251)

    Georg Koppen discovered a stack buffer underflow during 2D graphics rendering in some circumstances. (CVE-2016-5252)

    Abhishek Arya discovered a use-after-free when the alt key is used with top-level menus. (CVE-2016-5254)

    Jukka Jyl=C3=A4nki discovered a crash during garbage collection. (CVE-2016-5255)

    Looben Yang discovered a use-after-free in WebRTC. (CVE-2016-5258)

    Looben Yang discovered a use-after-free when working with nested sync events in service workers. (CVE-2016-5259)

    Mike Kaply discovered that plain-text passwords can be stored in session restore if an input field type is changed from "password" to "text" durin g a session, leading to information disclosure. (CVE-2016-5260)

    Samuel Gro=C3=9F discovered an integer overflow in WebSockets during data

    buffering in some circumstances. (CVE-2016-5261)

    Nikita Arykov discovered that JavaScript event handlers on a element can execute in a sandboxed iframe without the allow-scripts flag set. If a user were tricked in to opening a specially crafted website, an

    attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262)

    A type confusion bug was discovered in display transformation during rendering. (CVE-2016-5263)

    A use-after-free was discovered when applying effects to SVG elements in some circumstances. (CVE-2016-5264)

    Abdulrahman Alqabandi discovered a same-origin policy violation relating to local HTML files and saved shortcut files. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265)

    Rafael Gieschke discovered an information disclosure issue related to drag and drop. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266)

    A text injection issue was discovered with about: URLs. An attacker could

    potentially exploit this to spoof internal error pages. (CVE-2016-5268)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 16.04 LTS: firefox 48.0+build2-0ubuntu0.16.04.1

    Ubuntu 14.04 LTS: firefox 48.0+build2-0ubuntu0.14.04.1

    Ubuntu 12.04 LTS: firefox 48.0+build2-0ubuntu0.12.04.1

    After a standard system update you need to restart Firefox to make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-3044-1 CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268

    Package Information: https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04 .1 https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04 .1 https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04 .1

    . Updated to the latest 2.7.x release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

    OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

    apache_mod_php Available for:
    OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

    Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

    Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

    Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

    Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

    bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

    CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

    CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

    CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

    FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

    Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

    ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

    ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

    ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

    Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

    IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

    IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

    Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

    Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

    libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

    libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

    LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

    libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

    libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

    libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

    Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

    Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

    Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

    Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

    OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

    QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

    QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

    QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

    QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

    Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

    Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

    Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

    OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

    Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

    iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

    iTunes for Windows 12.6 addresses the following:

    APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "opensuse",
            "version": "42.1"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "studio onsite",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.6.2"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "2.7.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.5.4"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.4.0"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "2.7.15"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.5.0"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.4.7"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.11.0"
          },
          {
            "_id": null,
            "model": "policy auditor",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "6.5.1"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.6.0"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.11.5"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.2.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mozilla",
            "version": "48.0"
          },
          {
            "_id": null,
            "model": "python",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "python",
            "version": "3.3.0"
          },
          {
            "_id": null,
            "model": "linux enterprise debuginfo",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "11-sp4"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "12-sp1"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.11.6"
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "canonical",
            "version": "12.04 lts"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "12-sp1"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "11-sp4"
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "canonical",
            "version": "16.04 lts"
          },
          {
            "_id": null,
            "model": "linux enterprise debuginfo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "11-sp4"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": null,
            "trust": 0.8,
            "vendor": "expat",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "suse",
            "version": "12-sp1"
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "canonical",
            "version": "15.10"
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "canonical",
            "version": "14.04 lts"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.11"
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31"
          },
          {
            "_id": null,
            "model": "big-ip afm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.9"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.110.104.180"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.8"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip aam build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.7"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "36.0.4"
          },
          {
            "_id": null,
            "model": "big-ip afm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.11"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "20.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.4"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.3"
          },
          {
            "_id": null,
            "model": "expat 2.1.0-6+deb8u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "_id": null,
            "model": "big-ip pem hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1.0.0"
          },
          {
            "_id": null,
            "model": "big-ip pem hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.12"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip aam hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "big-ip afm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14.01"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.4.0"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "22.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.7"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip aam hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.2"
          },
          {
            "_id": null,
            "model": "big-ip afm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "37.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.19"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "26"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.20"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "43.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "36.0.3"
          },
          {
            "_id": null,
            "model": "big-ip afm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "40"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "33"
          },
          {
            "_id": null,
            "model": "big-ip pem hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip aam hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "47"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.3"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "35"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.08"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "44"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.3"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "37"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.6"
          },
          {
            "_id": null,
            "model": "websphere application server liberty pr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.0-"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "big-ip afm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.10.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "27.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "20.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip afm build 685-hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.17"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.13"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "18.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.2"
          },
          {
            "_id": null,
            "model": "big-ip aam hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.13"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.12"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.9"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.0.13"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.15"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip dns build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.24"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "big-ip afm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.110.104.180"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5.0.7"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip aam hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.19"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "28"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.7"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip pem hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip aam build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.6"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.18"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.10"
          },
          {
            "_id": null,
            "model": "big-ip gtm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.110.104.180"
          },
          {
            "_id": null,
            "model": "big-ip aam hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.8"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "25.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.10"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.18"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.23"
          },
          {
            "_id": null,
            "model": "big-ip aam hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.8"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip aam hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.10"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.17"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.26"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.27"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.13"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "2.1.1-1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "38"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.1"
          },
          {
            "_id": null,
            "model": "expat 2.1.0-1+deb7u2",
            "scope": null,
            "trust": 0.3,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.8"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.6"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip afm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.14"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "41.0.2"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.15"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.8"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "43.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.12"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.15"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "44.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "41"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.4"
          },
          {
            "_id": null,
            "model": "big-ip asm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.18"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.9"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.0.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.6"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip aam build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.16"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.6"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip afm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.25"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "36"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "expat 2.1.0-6+deb8u1",
            "scope": null,
            "trust": 0.3,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.13"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.6"
          },
          {
            "_id": null,
            "model": "big-ip pem hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "40.0.3"
          },
          {
            "_id": null,
            "model": "big-ip asm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15"
          },
          {
            "_id": null,
            "model": "big-ip asm hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.22"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.9"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.5"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.20"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.3"
          },
          {
            "_id": null,
            "model": "big-ip pem hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.7"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "19.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.6.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip aam hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.7"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.17"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.10"
          },
          {
            "_id": null,
            "model": "big-ip afm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "27"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip aam build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.110.104.180"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.14"
          },
          {
            "_id": null,
            "model": "big-ip pem hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "30"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip analytics build 685-hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "19.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14.0.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "43"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "29"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.6"
          },
          {
            "_id": null,
            "model": "websphere application server full profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.9"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "32.0.3"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.5"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.4"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip pem hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.6"
          },
          {
            "_id": null,
            "model": "big-ip dns hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.5"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.28"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "19.0.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "4.4.4"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip asm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.4"
          },
          {
            "_id": null,
            "model": "websphere application server full profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.0"
          },
          {
            "_id": null,
            "model": "big-ip afm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "solaris sru11.6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.512"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "35.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.2"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.6"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "23.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.15"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "32"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "18.0.1"
          },
          {
            "_id": null,
            "model": "big-ip afm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "48"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "42"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "big-ip dns hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "big-ip analytics build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "big-ip aam hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5.0.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "18.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.14"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.12"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.5"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.2"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.40.1.256"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "big-ip aam build 685-hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.19"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "_id": null,
            "model": "big-ip gtm build 685-hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "22.04917"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7"
          },
          {
            "_id": null,
            "model": "big-ip afm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip asm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "big-ip afm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.12"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "37.0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "46"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.10"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7.0.2"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip aam hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "23.0.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip aam hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.9"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "34.0.5"
          },
          {
            "_id": null,
            "model": "big-ip pem hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "21.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip asm build 685-hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "39.0.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "28.0.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15.0.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.18"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "25.0.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.8"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.020"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "mac os security update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x2016"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "39"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "websphere application server liberty profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip afm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.14"
          },
          {
            "_id": null,
            "model": "big-ip dns hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16"
          },
          {
            "_id": null,
            "model": "big-ip asm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.110.104.180"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "big-ip asm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.01.14.628"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9"
          },
          {
            "_id": null,
            "model": "big-ip afm hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.10"
          },
          {
            "_id": null,
            "model": "netezza analytics",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.3.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.8"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "_id": null,
            "model": "big-ip afm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.3.0"
          },
          {
            "_id": null,
            "model": "big-ip pem hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip aam hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5.0.4"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "big-ip aam hf9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "34"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.21"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.11"
          },
          {
            "_id": null,
            "model": "big-ip asm hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.21"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.16"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "expat",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "big-ip websafe hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip pem hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.19"
          },
          {
            "_id": null,
            "model": "big-ip pem hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.66.204.442"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.2"
          },
          {
            "_id": null,
            "model": "big-ip afm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "29.0.1"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "90729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:canonical:ubuntu",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:debian:debian_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:libexpat:expat",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mozilla:firefox",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opensuse_project:leap",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:suse:linux_enterprise_debuginfo",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:linux_enterprise_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:linux_enterprise_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:linux_enterprise_software_development_kit",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:suse:studio_onsite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Gustavo Grieco",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-0718",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-0718",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-88228",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-0718",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-0718",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-0718",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-0718",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-455",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-88228",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-0718",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat are prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute  arbitrary code in the context of the affected application. Failed  exploit attempts will result in denial-of-service conditions. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. There is a security hole in Expat. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update\nAdvisory ID:       RHSA-2018:2486-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2486\nIssue date:        2018-08-16\nCVE Names:         CVE-2016-0718 CVE-2016-7167 CVE-2016-8615\n                   CVE-2016-8616 CVE-2016-8617 CVE-2016-8618\n                   CVE-2016-8619 CVE-2016-8621 CVE-2016-8622\n                   CVE-2016-8623 CVE-2016-8624 CVE-2016-8625\n                   CVE-2016-9598 CVE-2017-6004 CVE-2017-7186\n                   CVE-2017-7244 CVE-2017-7245 CVE-2017-7246\n                   CVE-2017-1000254 CVE-2017-1000257 CVE-2018-0500\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.29 packages for\nMicrosoft Windows and Oracle Solaris are now available. \n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. \n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash\n(CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with \u0027#\u0027 (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)\n(CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function\n(8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c)\n(CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring\n(CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring\n(CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading\ndata over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below. \n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting\nthis issue. \nUpstream acknowledges Max Dymond as the original reporter. \nCVE-2017-1000257: Red Hat would like to thank  the Curl project for\nreporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz\nproject) as the original reporter. \nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting\nthis issue. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Core Services installation (including all\napplications and configuration files). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1296102 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash\n1375906 - CVE-2016-7167 curl: escape and unescape integer overflows\n1388370 - CVE-2016-8615 curl: Cookie injection for other servers\n1388371 - CVE-2016-8616 curl: Case insensitive password comparison\n1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication\n1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf\n1388379 - CVE-2016-8619 curl: Double-free in krb5 code\n1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read\n1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation\n1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies\n1388390 - CVE-2016-8624 curl: Invalid URL parsing with \u0027#\u0027\n1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host\n1408306 - CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)\n1425365 - CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)\n1434504 - CVE-2017-7186 pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)\n1437364 - CVE-2017-7244 pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)\n1437367 - CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring\n1437369 - CVE-2017-7246 pcre: stack-based buffer overflow write in pcre32_copy_substring\n1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read\n1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read\n1597101 - CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW3WhLtzjgjWX9erEAQgw7g//Qz9zXKXcAGEiJLq910Gqgdj6IeJD7Zy1\nlvB63+tVL79Rr7X1/rL8EYNoDYw7+MQJeFgWhCwGFPLJi43O3q5cDANVK8/9nUJp\nUV5QzGC62ncurV3U4MF8DWUcJYpi2QhvlV3O++0dVjx4ETJgBTBSGUpUeEzcYNjM\n3LsNmroNWIURAyNsBzO3KgrQhWwJ3vM5e7X6Xgy44S07Kgs2yrArtcsHYjqlDzzR\nX3Yo8G97DurTikcIWcXs45w9rdKXNSheGRKL7Jp/mzoqCKV4RbieRM12L05MwXmi\nZNTMdhJzd+aA3Kwx9JjOjSv8MJErRioUKZEisaH0VWnwTiQc4sOlIXgMuJBV+ZGo\nRZz0d4sQ1HkeTQKFHkt85abdEiK6OLtKpdZns0VvqqtfdaHJqitqaAfrvssc3D+R\nusY7sGrlm4rAyYSddWUlLgrF3KZq7PoxVqj+15NkvBisXPp6xwgSiu8aoxziIiNq\n0UWQG7KvdlbmrlzNOBBe96COI3UK36AxUXMK6abPzW6VmlY6O1x2OPPgNcItOFVp\n/o2p3HalPrucwjfwADBGvlbc+SRUguNdnftvmAG3DO1Oon4OnRdoPerNBkY7QRRC\nKe88RWnjA37kZ7bBL3Mag6rX8vIlZoy0g1563AnzvexpXiywy6fU4UNpkCHNulNH\noPmWeYAK/SE=5slr\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This could reduce the security of\ncalling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled seeding the random number generator. A remote attacker could\npossibly use this issue to cause a denial of service. (CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled malformed XML data. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled malformed XML data. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  expat (SSA:2016-359-01)\n\nNew expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/expat-2.2.0-i586-1_slack14.2.txz:  Upgraded. \n  This update fixes bugs and security issues:\n  Multiple integer overflows in XML_GetBuffer. \n  Fix crash on malformed input. \n  Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716. \n  Use more entropy for hash initialization. \n  Resolve troublesome internal call to srand. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\nd042603604cda3dedb7a75cb049071c8  expat-2.2.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n4c57af80cc3ccd277a365f8053dabd9b  expat-2.2.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n649682e89895159e90c0775f056a5b2a  expat-2.2.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndc109e48fb07db4aa47caa912308dcee  expat-2.2.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\na7893a356510073d213e08e6df41be6b  expat-2.2.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n31f42e6ef7be259413659497f473b499  expat-2.2.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3d5ab68ef82db833aa1b890372dfa789  expat-2.2.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7ab4d2d05f4695904a4e164f6093ea38  expat-2.2.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n3e9c111a338efb49ed9aa85322e7dfed  expat-2.2.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n5ec656840cad0813deeb632ef659d97b  expat-2.2.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n770d5c370a923d7f1356bc81ceaaa3e9  expat-2.2.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n0b44169d48b17e181cddd25c547a0258  expat-2.2.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nbc2d54deb510e5a41845207133fc1a75  l/expat-2.2.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4bf858ad9d41159ce9fe624e47d58f21  l/expat-2.2.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg expat-2.2.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n=========================================================================\nUbuntu Security Notice USN-3044-1\nAugust 05, 2016\n\nfirefox vulnerabilities\n=========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it\nopened a malicious website. \n\nSoftware Description:\n- firefox: Mozilla Open Source web browser\n\nDetails:\n\nGustavo Grieco discovered an out-of-bounds read during XML parsing in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or obtain sensitive information. \n\n(CVE-2016-0718)\n\nToni Huttunen discovered that once a favicon is requested from a site,\nthe remote server can keep the network connection open even after the pag\ne\nis closed. A remote attacked could potentially exploit this to track\nusers, resulting in information disclosure. (CVE-2016-2830)\n\nChristian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward\n,\nCarsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil\nRingnalda discovered multiple memory safety issues in Firefox. (CVE-2016-2835, CVE-2016-2836)\n\nA buffer overflow was discovered in the ClearKey Content Decryption\nModule (CDM) during video playback. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this t\no\ncause a denial of service via plugin process crash, or, in combination\nwith another vulnerability to escape the GMP sandbox, execute arbitrary\ncode. (CVE-2016-2837)\n\nAtte Kettunen discovered a buffer overflow when rendering SVG content in\nsome circumstances. \n(CVE-2016-2838)\n\nBert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. (CVE-2016-2839)\n\n\nCatalin Dumitru discovered that URLs of resources loaded after a\nnavigation start could be leaked to the following page via the Resource\nTiming API. An attacker could potentially exploit this to obtain sensitiv\ne\ninformation. (CVE-2016-5250)\n\nFiras Salem discovered an issue with non-ASCII and emoji characters in\ndata: URLs. An attacker could potentially exploit this to spoof the\naddressbar contents. (CVE-2016-5251)\n\nGeorg Koppen discovered a stack buffer underflow during 2D graphics\nrendering in some circumstances. (CVE-2016-5252)\n\nAbhishek Arya discovered a use-after-free when the alt key is used with\ntop-level menus. (CVE-2016-5254)\n\n\nJukka Jyl=C3=A4nki discovered a crash during garbage collection. (CVE-2016-5255)\n\nLooben Yang discovered a use-after-free in WebRTC. (CVE-2016-5258)\n\nLooben Yang discovered a use-after-free when working with nested sync\nevents in service workers. (CVE-2016-5259)\n\nMike Kaply discovered that plain-text passwords can be stored in session\nrestore if an input field type is changed from \"password\" to \"text\" durin\ng\na session, leading to information disclosure. (CVE-2016-5260)\n\nSamuel Gro=C3=9F discovered an integer overflow in WebSockets during data\n\nbuffering in some circumstances. (CVE-2016-5261)\n\nNikita Arykov discovered that JavaScript event handlers on a \u003cmarquee\u003e\nelement can execute in a sandboxed iframe without the allow-scripts flag\nset. If a user were tricked in to opening a specially crafted website, an\n\nattacker could potentially exploit this to conduct cross-site scripting\n(XSS) attacks. (CVE-2016-5262)\n\nA type confusion bug was discovered in display transformation during\nrendering. (CVE-2016-5263)\n\n\nA use-after-free was discovered when applying effects to SVG elements in\nsome circumstances. \n(CVE-2016-5264)\n\nAbdulrahman Alqabandi discovered a same-origin policy violation relating\nto local HTML files and saved shortcut files. An attacker could\npotentially exploit this to obtain sensitive information. (CVE-2016-5265)\n\n\nRafael Gieschke discovered an information disclosure issue related to\ndrag and drop. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5266)\n\nA text injection issue was discovered with about: URLs. An attacker could\n\npotentially exploit this to spoof internal error pages. (CVE-2016-5268)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  firefox                         48.0+build2-0ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n  firefox                         48.0+build2-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n  firefox                         48.0+build2-0ubuntu0.12.04.1\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-3044-1\n  CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836,\n  CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250,\n  CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255,\n  CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261,\n  CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265,\n  CVE-2016-5266, CVE-2016-5268\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04\n.1\n  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04\n.1\n  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04\n.1\n\n\n\n. \n  Updated to the latest 2.7.x release. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-28-2 Additional information for\nAPPLE-SA-2017-03-22-1 iTunes for Windows 12.6\n\niTunes for Windows 12.6 addresses the following:\n\nAPNs Server\nAvailable for:  Windows 7 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A client certificate was sent in plaintext",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "BID",
            "id": "90729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718"
          },
          {
            "db": "PACKETSTORM",
            "id": "148973"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "138181"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "137958"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          }
        ],
        "trust": 2.88
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-88228",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-0718",
            "trust": 3.8
          },
          {
            "db": "BID",
            "id": "90729",
            "trust": 2.1
          },
          {
            "db": "SECTRACK",
            "id": "1036348",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1037705",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1036415",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "141350",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2016/05/17/12",
            "trust": 1.8
          },
          {
            "db": "TENABLE",
            "id": "TNS-2016-20",
            "trust": 1.8
          },
          {
            "db": "MCAFEE",
            "id": "SB10365",
            "trust": 1.8
          },
          {
            "db": "JVN",
            "id": "JVNVU94844193",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0699",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2593",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "138181",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "148973",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "139908",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137109",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137108",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-88228",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137544",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "147507",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137958",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141937",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718"
          },
          {
            "db": "BID",
            "id": "90729"
          },
          {
            "db": "PACKETSTORM",
            "id": "148973"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "138181"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "137958"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          }
        ]
      },
      "id": "VAR-201605-0145",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          }
        ],
        "trust": 0.543459205
      },
      "last_update_date": "2026-03-09T22:19:46.968000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "title": "HT206903",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT206903"
          },
          {
            "title": "HT206903",
            "trust": 0.8,
            "url": "https://support.apple.com/ja-jp/HT206903"
          },
          {
            "title": "DSA-3582",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2016/dsa-3582"
          },
          {
            "title": "MFSA2016-68",
            "trust": 0.8,
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html"
          },
          {
            "title": "MFSA2016-68",
            "trust": 0.8,
            "url": "http://www.mozilla-japan.org/security/announce/2016/mfsa2016-68.html"
          },
          {
            "title": "SUSE-SU-2016:1512",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html"
          },
          {
            "title": "openSUSE-SU-2016",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html"
          },
          {
            "title": "SUSE-SU-2016:1508",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html"
          },
          {
            "title": "Bug 1296102",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102#c2"
          },
          {
            "title": "Expat XML Parser",
            "trust": 0.8,
            "url": "https://sourceforge.net/projects/expat/"
          },
          {
            "title": "USN-2983-1",
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/USN-2983-1/"
          },
          {
            "title": "Expat Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=61769"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2017/02/28/eset_antivirus_opens_macs_to_remote_execution_as_root/"
          },
          {
            "title": "Red Hat: Moderate: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162824 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: expat vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2983-1"
          },
          {
            "title": "Mozilla: Mozilla Foundation Security Advisory 2016-68",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2016-68"
          },
          {
            "title": "Mozilla: Out-of-bounds read during XML parsing in Expat library",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=ed80349726dbf716de7cec0c272ec473"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2016-775",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-775"
          },
          {
            "title": "Ubuntu Security Notice: xmlrpc-c vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3013-1"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182486 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R5] Nessus 6.8 Fixes Multiple Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-11"
          },
          {
            "title": "Ubuntu Security Notice: firefox vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3044-1"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=29d79db4a6421689e55b5a9ce5d2aa60"
          },
          {
            "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-20"
          },
          {
            "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "afl-cve",
            "trust": 0.1,
            "url": "https://github.com/mrash/afl-cve "
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/google-security-researcher-finds-security-hole-in-esets-mac-antivirus/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-0718"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "http://www.debian.org/security/2016/dsa-3582"
          },
          {
            "trust": 2.1,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "trust": 2.1,
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/90729"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2018:2486"
          },
          {
            "trust": 1.9,
            "url": "http://www.ubuntu.com/usn/usn-3044-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1036348"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1036415"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1037705"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2017/feb/68"
          },
          {
            "trust": 1.8,
            "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201701-21"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-2824.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-2983-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2016/05/17/12"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/141350/eset-endpoint-antivirus-6-remote-code-execution.html"
          },
          {
            "trust": 1.8,
            "url": "http://support.eset.com/ca6333/"
          },
          {
            "trust": 1.8,
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/ht206903"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10365"
          },
          {
            "trust": 1.0,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0718"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu94844193/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0718"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/errata/rhsa-2016:2824"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2016-0718"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2593"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0699/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
          },
          {
            "trust": 0.4,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.4,
            "url": "https://gpgtools.org"
          },
          {
            "trust": 0.4,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.3,
            "url": "http://expat.sourceforge.net/"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2016/q2/360"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024076"
          },
          {
            "trust": 0.3,
            "url": "https://support.f5.com/csp/article/k52320548"
          },
          {
            "trust": 0.3,
            "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2016-68/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989336"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992933"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988026"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994401"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.3,
            "url": "https://www.apple.com/itunes/download/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5300"
          },
          {
            "trust": 0.2,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4472"
          },
          {
            "trust": 0.2,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.2,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10365"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2983-1/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8624"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8625"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8624"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7244"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9598"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-1000254"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8619"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8617"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8616"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-7245"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7186"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8616"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8617"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8619"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7246"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-7167"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8621"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8622"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000257"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-1000257"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6004"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8622"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7245"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000254"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-7186"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-7244"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-9598"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8621"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-7246"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-6004"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-3013-1"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1283"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5250"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5251"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5261"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2836"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5264"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5258"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5260"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5265"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2835"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5268"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2830"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2839"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5266"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5255"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5262"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5259"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5263"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5254"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9233"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1061"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9233"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9063"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1060"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1060"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1061"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht206900"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2480"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2479"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2463"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-88228"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718"
          },
          {
            "db": "BID",
            "id": "90729"
          },
          {
            "db": "PACKETSTORM",
            "id": "148973"
          },
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "140275"
          },
          {
            "db": "PACKETSTORM",
            "id": "138181"
          },
          {
            "db": "PACKETSTORM",
            "id": "147507"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "137958"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-88228",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-0718",
            "ident": null
          },
          {
            "db": "BID",
            "id": "90729",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "148973",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137544",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "138181",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "147507",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137958",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141937",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2016-0718",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-05-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-88228",
            "ident": null
          },
          {
            "date": "2016-05-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-0718",
            "ident": null
          },
          {
            "date": "2016-05-18T00:00:00",
            "db": "BID",
            "id": "90729",
            "ident": null
          },
          {
            "date": "2018-08-17T17:41:42",
            "db": "PACKETSTORM",
            "id": "148973",
            "ident": null
          },
          {
            "date": "2016-06-21T00:20:59",
            "db": "PACKETSTORM",
            "id": "137544",
            "ident": null
          },
          {
            "date": "2017-03-24T14:54:06",
            "db": "PACKETSTORM",
            "id": "141808",
            "ident": null
          },
          {
            "date": "2016-12-25T13:15:00",
            "db": "PACKETSTORM",
            "id": "140275",
            "ident": null
          },
          {
            "date": "2016-08-05T22:46:55",
            "db": "PACKETSTORM",
            "id": "138181",
            "ident": null
          },
          {
            "date": "2018-05-05T13:13:00",
            "db": "PACKETSTORM",
            "id": "147507",
            "ident": null
          },
          {
            "date": "2017-03-23T16:22:29",
            "db": "PACKETSTORM",
            "id": "141796",
            "ident": null
          },
          {
            "date": "2016-07-19T19:45:20",
            "db": "PACKETSTORM",
            "id": "137958",
            "ident": null
          },
          {
            "date": "2017-03-28T23:44:44",
            "db": "PACKETSTORM",
            "id": "141937",
            "ident": null
          },
          {
            "date": "2016-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-455",
            "ident": null
          },
          {
            "date": "2016-05-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002931",
            "ident": null
          },
          {
            "date": "2016-05-26T16:59:00.133000",
            "db": "NVD",
            "id": "CVE-2016-0718",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-02-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-88228",
            "ident": null
          },
          {
            "date": "2023-02-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-0718",
            "ident": null
          },
          {
            "date": "2017-09-25T20:00:00",
            "db": "BID",
            "id": "90729",
            "ident": null
          },
          {
            "date": "2023-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-455",
            "ident": null
          },
          {
            "date": "2016-09-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002931",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-0718",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "137544"
          },
          {
            "db": "PACKETSTORM",
            "id": "138181"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "Expat Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002931"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-455"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0395

    Vulnerability from variot - Updated: 2026-03-09 22:06

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Bugs fixed (https://bugzilla.redhat.com/):

    2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    Debian Security Advisory DSA-5073-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq


    Package : expat CVE ID : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 Debian Bug : 1002994 1003474

    Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

    Security Fix(es):

    • Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025)

    • argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730)

    • argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "communications metasolv solution",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.4"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23852",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-23852",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-413070",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23852",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23852",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-23852",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2194",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-413070",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23852",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Bugs fixed (https://bugzilla.redhat.com/):\n\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5073-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nFebruary 12, 2022                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : expat\nCVE ID         : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827\n                 CVE-2022-23852 CVE-2022-23990\nDebian Bug     : 1002994 1003474\n\nSeveral vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary, which could result in denial of service or potentially the\nexecution of arbitrary code, if a malformed XML file is processed. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. \n\nSecurity Fix(es):\n\n* Openshift-Gitops: Improper access control allows admin privilege\nescalation (CVE-2022-1025)\n\n* argocd: path traversal and improper access control allows leaking\nout-of-bound files (CVE-2022-24730)\n\n* argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update\nAdvisory ID:       RHSA-2022:7143-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7143\nIssue date:        2022-10-26\nCVE Names:         CVE-2021-33193 CVE-2021-36160 CVE-2021-39275\n                   CVE-2021-41524 CVE-2021-44224 CVE-2021-45960\n                   CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827 CVE-2022-23852 CVE-2022-23990\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-41524\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR\nV1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls\nj7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP\nJVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe\np7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc\nM+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM\n+OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv\nuA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds\nRMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY\nFmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou\nBtep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx\nm+Yms1hf0io=Dgle\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          },
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852",
            "trust": 2.5
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168696",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167321",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012504",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060130",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012622",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070643",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030721",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072607",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166088",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1795",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4460",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5062",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0946",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0741",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2024",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3236",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-413070",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "id": "VAR-202201-0395",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T22:06:33.725000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libexpat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=179981"
          },
          {
            "title": "Red Hat: Moderate: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224834 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1569",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1569"
          },
          {
            "title": "Red Hat: CVE-2022-23852",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23852"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1754",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1754"
          },
          {
            "title": "Red Hat: Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226890 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-028",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-028"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225483 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
          },
          {
            "title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220217-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/550"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168696/red-hat-security-advisory-2022-6890-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-xml-getbuffer-37363"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5062"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060130"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070643"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030721"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0596"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166088/ubuntu-security-notice-usn-5288-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012622"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012504"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4460"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0741"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1795"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167321/red-hat-security-advisory-2022-4834-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2024"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0494"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6890"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1353"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1353"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168696",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "date": "2022-01-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "date": "2022-10-12T13:22:05",
            "db": "PACKETSTORM",
            "id": "168696",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-03-24T14:34:35",
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-03-24T14:40:17",
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-01-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "date": "2022-01-24T02:15:06.733000",
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "date": "2022-10-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:58.757000",
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "libexpat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0498

    Vulnerability from variot - Updated: 2026-03-09 21:54

    nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat is a fast streaming XML parser written in C. The vulnerability is caused by a boundary error when nextScaffoldPart in xmlparse.c exists when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Summary:

    The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. This update provides security fixes, bug fixes, and updates the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

    • imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    Related bugs:

    • RHACM 2.4.3 image files (BZ #2057249)

    • Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)

    • ACM application placement fails after renaming the application name (BZ

    2033051)

    • Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)

    • Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)

    • The value of name label changed from clusterclaim name to cluster name (BZ #2042223)

    • VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

    2048500)

    • clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)

    • Application cluster status is not updated in UI after restoring (BZ

    2053279)

    • OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)

    • The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)

    • Subscriptions stop reconciling after channel secrets are recreated (BZ

    2059954)

    • Placementrule is not reconciling on a new fresh environment (BZ #2074156)

    • The cluster claimed from clusterpool cannot auto imported (BZ #2074543)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

    1. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security updates:

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    Bug fix:

    • RHACM 2.3.8 images (Bugzilla #2062316)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary:

    An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: xmlrpc-c-1.51.0-8.el8.src.rpm

    aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm

    ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm

    s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm

    x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm

    Red Hat CodeReady Linux Builder (v. 8):

    aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm

    ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm

    s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm

    x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-22826",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-22826",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-411552",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22826",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22826",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22826",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-641",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411552",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat is a fast streaming XML parser written in C. The vulnerability is caused by a boundary error when nextScaffoldPart in xmlparse.c exists when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nExpat is a set of XML parsing libraries. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: xmlrpc-c security update\nAdvisory ID:       RHSA-2022:7692-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7692\nIssue date:        2022-11-08\nCVE Names:         CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827\n====================================================================\n1. Summary:\n\nAn update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nXML-RPC is a remote procedure call (RPC) protocol that uses XML to encode\nits calls and HTTP as a transport mechanism. The xmlrpc-c packages provide\na network protocol to allow a client program to make a simple RPC (remote\nprocedure call) over the Internet. It converts an RPC into an XML document,\nsends it to a remote server using HTTP, and gets back the response in XML. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nxmlrpc-c-1.51.0-8.el8.src.rpm\n\naarch64:\nxmlrpc-c-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-1.51.0-8.el8.i686.rpm\nxmlrpc-c-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-devel-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.i686.rpm\nxmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5\nVot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG\nLF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5\nK/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU\nJOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8\n0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd\nIlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ\nXaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI\nnv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y\nqKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7\nuOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S\nZzcPNNMPHw0=wFwS\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22826",
            "trust": 2.4
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0369",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2165",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070734",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04543",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411552",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          }
        ]
      },
      "id": "VAR-202201-0498",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T21:54:18.865000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2165"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1039"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1083"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7692"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411552"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411552",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22826",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411552",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-03-24T14:40:17",
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "date": "2022-04-21T15:12:25",
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "date": "2022-03-29T15:53:19",
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "date": "2022-11-08T13:52:57",
            "db": "PACKETSTORM",
            "id": "169788",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-641",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:57.113000",
            "db": "NVD",
            "id": "CVE-2022-22826",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411552",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-641",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:53.610000",
            "db": "NVD",
            "id": "CVE-2022-22826",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Expat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-641"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0414

    Vulnerability from variot - Updated: 2026-03-09 20:39

    addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. Expat has a buffer overflow vulnerability in versions prior to 2.4.3. The vulnerability is caused by a boundary error in addBinding in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Background

    Expat is a set of XML parsing libraries.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

    Security Fix(es):

    • Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025)

    • argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730)

    • argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security updates:

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    Bug fix:

    • RHACM 2.3.8 images (Bugzilla #2062316)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

    • httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)

    • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    • httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)

    • httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)

    • expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)

    • expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)

    • expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)

    • expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)

    • expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)

    • expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)

    • expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)

    • expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)

    • expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)

    • expat: stack exhaustion in doctype parsing (CVE-2022-25313)

    • expat: integer overflow in copyString() (CVE-2022-25314)

    • expat: integer overflow in the doProlog function (CVE-2022-23990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2022-22822",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-22822",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-411548",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22822",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-22822",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22822",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22822",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22822",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411548",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22822",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. Expat has a buffer overflow vulnerability in versions prior to 2.4.3. The vulnerability is caused by a boundary error in addBinding in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nExpat is a set of XML parsing libraries. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. \n\nSecurity Fix(es):\n\n* Openshift-Gitops: Improper access control allows admin privilege\nescalation\n(CVE-2022-1025)\n\n* argocd: path traversal and improper access control allows leaking\nout-of-bound\nfiles (CVE-2022-24730)\n\n* argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update\nAdvisory ID:       RHSA-2022:7143-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7143\nIssue date:        2022-10-26\nCVE Names:         CVE-2021-33193 CVE-2021-36160 CVE-2021-39275\n                   CVE-2021-41524 CVE-2021-44224 CVE-2021-45960\n                   CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827 CVE-2022-23852 CVE-2022-23990\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request\nprocessing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash\nlibexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c\n(CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-41524\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR\nV1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls\nj7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP\nJVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe\np7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc\nM+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM\n+OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv\nuA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds\nRMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY\nFmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou\nBtep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx\nm+Yms1hf0io=Dgle\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22822"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22822",
            "trust": 3.3
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411548",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22822",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22822"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          }
        ]
      },
      "id": "VAR-202201-0414",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T20:39:46.667000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SSA-484086 Hitachi Server / Client Product Security Information",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "title": "Red Hat: CVE-2022-22822",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-22822"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1730aaeace15912feb07b96b49c44c9a"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1603",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-22822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1042"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1083"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411548"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411548",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22822",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22822",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411548",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22822",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-03-24T14:34:35",
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "date": "2022-03-29T15:53:19",
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002879",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:56.047000",
            "db": "NVD",
            "id": "CVE-2022-22822",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411548",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22822",
            "ident": null
          },
          {
            "date": "2023-10-10T05:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002879",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:52.380000",
            "db": "NVD",
            "id": "CVE-2022-22822",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002879"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-202201-0468

    Vulnerability from variot - Updated: 2026-03-09 19:58

    build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability stems from a boundary error in the build_model in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 .

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

    Security Fix(es):

    • Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025)

    • argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730)

    • argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:0951-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0951 Issue date: 2022-03-16 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: expat-2.2.5-4.el8_5.3.src.rpm

    aarch64: expat-2.2.5-4.el8_5.3.aarch64.rpm expat-debuginfo-2.2.5-4.el8_5.3.aarch64.rpm expat-debugsource-2.2.5-4.el8_5.3.aarch64.rpm expat-devel-2.2.5-4.el8_5.3.aarch64.rpm

    ppc64le: expat-2.2.5-4.el8_5.3.ppc64le.rpm expat-debuginfo-2.2.5-4.el8_5.3.ppc64le.rpm expat-debugsource-2.2.5-4.el8_5.3.ppc64le.rpm expat-devel-2.2.5-4.el8_5.3.ppc64le.rpm

    s390x: expat-2.2.5-4.el8_5.3.s390x.rpm expat-debuginfo-2.2.5-4.el8_5.3.s390x.rpm expat-debugsource-2.2.5-4.el8_5.3.s390x.rpm expat-devel-2.2.5-4.el8_5.3.s390x.rpm

    x86_64: expat-2.2.5-4.el8_5.3.i686.rpm expat-2.2.5-4.el8_5.3.x86_64.rpm expat-debuginfo-2.2.5-4.el8_5.3.i686.rpm expat-debuginfo-2.2.5-4.el8_5.3.x86_64.rpm expat-debugsource-2.2.5-4.el8_5.3.i686.rpm expat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm expat-devel-2.2.5-4.el8_5.3.i686.rpm expat-devel-2.2.5-4.el8_5.3.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYjJSC9zjgjWX9erEAQjISQ//Z+1p1XtGbQuztV4zY/1wBgBQdBeuCxu0 2kj+fV9+PiZe32zRwBrYz1S0kAZZFq1Laz0ulO6w5GE4B2b/jXnj38FfzJN/cdtO gomEzjPT80Ie16/H8hSCutchWvsKb3J6WhkCcPn1AP5FxNpSJMUuVWN80wTk33Ap 9aPOcL296tzSRlsHxnnIh6qBebPMLeVSBIud3pCOeRAlkuM/tJ+CEZvfLeyS1zjw QltPlnCHM5xk/gRAsaPILOAAPRp4MI5pJNhMx1PPKs2JfCASoKSakonvZ8S6BwLJ qqgp/5bQCRXVIzmOZmWhiZDYB0f3QDOVOso9yOLFanJDeHSow8sBGHOIS/cVPttv 7tlsKYuQAOMku9JhyIQh3QkcGlBOqAYoLxafwzC9mtF+OITHl2zmzeHSYkvVZHj7 l43rcTC8YaFyknJA23H4n/RaqrU7TP4T9pAVo+eltQy07w8/peg8nK3O1N5PVxHx u+NMbGcr54B/K3wTAiHPxZb1mi9bfzu0vsJLuQC4yQuvLFXhtawvrKZCMPqj93JH e1d4Y/AF+2dNWkaK9JSQiD/WfGtLzsOk7Jq63ksIfbAMwY+Djf+pXV4GkTg9eSCe bbSuqmeCY59ydrM/bBNpxaxaIr9FhmE8Uqyt1D7RgT4cKG60CRSV9zxzLDYOhSTM 6/RZ7AnnaPU=lQEd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-22823",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-22823",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-411549",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22823",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22823",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22823",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-637",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411549",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22823",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22823"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability stems from a boundary error in the build_model in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. \n\nSecurity Fix(es):\n\n* Openshift-Gitops: Improper access control allows admin privilege\nescalation\n(CVE-2022-1025)\n\n* argocd: path traversal and improper access control allows leaking\nout-of-bound\nfiles (CVE-2022-24730)\n\n* argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:0951-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0951\nIssue date:        2022-03-16\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nexpat-2.2.5-4.el8_5.3.src.rpm\n\naarch64:\nexpat-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-devel-2.2.5-4.el8_5.3.aarch64.rpm\n\nppc64le:\nexpat-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-devel-2.2.5-4.el8_5.3.ppc64le.rpm\n\ns390x:\nexpat-2.2.5-4.el8_5.3.s390x.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.s390x.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.s390x.rpm\nexpat-devel-2.2.5-4.el8_5.3.s390x.rpm\n\nx86_64:\nexpat-2.2.5-4.el8_5.3.i686.rpm\nexpat-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.i686.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.i686.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-devel-2.2.5-4.el8_5.3.i686.rpm\nexpat-devel-2.2.5-4.el8_5.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYjJSC9zjgjWX9erEAQjISQ//Z+1p1XtGbQuztV4zY/1wBgBQdBeuCxu0\n2kj+fV9+PiZe32zRwBrYz1S0kAZZFq1Laz0ulO6w5GE4B2b/jXnj38FfzJN/cdtO\ngomEzjPT80Ie16/H8hSCutchWvsKb3J6WhkCcPn1AP5FxNpSJMUuVWN80wTk33Ap\n9aPOcL296tzSRlsHxnnIh6qBebPMLeVSBIud3pCOeRAlkuM/tJ+CEZvfLeyS1zjw\nQltPlnCHM5xk/gRAsaPILOAAPRp4MI5pJNhMx1PPKs2JfCASoKSakonvZ8S6BwLJ\nqqgp/5bQCRXVIzmOZmWhiZDYB0f3QDOVOso9yOLFanJDeHSow8sBGHOIS/cVPttv\n7tlsKYuQAOMku9JhyIQh3QkcGlBOqAYoLxafwzC9mtF+OITHl2zmzeHSYkvVZHj7\nl43rcTC8YaFyknJA23H4n/RaqrU7TP4T9pAVo+eltQy07w8/peg8nK3O1N5PVxHx\nu+NMbGcr54B/K3wTAiHPxZb1mi9bfzu0vsJLuQC4yQuvLFXhtawvrKZCMPqj93JH\ne1d4Y/AF+2dNWkaK9JSQiD/WfGtLzsOk7Jq63ksIfbAMwY+Djf+pXV4GkTg9eSCe\nbbSuqmeCY59ydrM/bBNpxaxaIr9FhmE8Uqyt1D7RgT4cKG60CRSV9zxzLDYOhSTM\n6/RZ7AnnaPU=lQEd\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22823"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22823",
            "trust": 2.3
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070734",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2171",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0369",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04539",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411549",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22823",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22823"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "id": "VAR-202201-0468",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T19:58:20.601000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Red Hat: CVE-2022-22823",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-22823"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1730aaeace15912feb07b96b49c44c9a"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1603",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 1.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2171"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1042"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0951"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411549"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411549",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22823",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22823",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411549",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22823",
            "ident": null
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-03-24T14:34:35",
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-03-17T15:51:32",
            "db": "PACKETSTORM",
            "id": "166348",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-637",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:56.270000",
            "db": "NVD",
            "id": "CVE-2022-22823",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411549",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22823",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-637",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:52.690000",
            "db": "NVD",
            "id": "CVE-2022-22823",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-637"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0372

    Vulnerability from variot - Updated: 2026-03-09 19:57

    lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by a boundary error in the lookup in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-5073-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq


    Package : expat CVE ID : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 Debian Bug : 1002994 1003474

    Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Summary:

    The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es):

    • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. This update provides security fixes, bug fixes, and updates the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

    • imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    Related bugs:

    • RHACM 2.4.3 image files (BZ #2057249)

    • Observability - dashboard name contains / would cause error when generating dashboard cm (BZ #2032128)

    • ACM application placement fails after renaming the application name (BZ

    2033051)

    • Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)

    • Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)

    • The value of name label changed from clusterclaim name to cluster name (BZ #2042223)

    • VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ

    2048500)

    • clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)

    • Application cluster status is not updated in UI after restoring (BZ

    2053279)

    • OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)

    • The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)

    • Subscriptions stop reconciling after channel secrets are recreated (BZ

    2059954)

    • Placementrule is not reconciling on a new fresh environment (BZ #2074156)

    • The cluster claimed from clusterpool cannot auto imported (BZ #2074543)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported

    1. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security updates:

    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

    • nodejs-shelljs: improper privilege management (CVE-2022-0144)

    • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

    • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

    Bug fix:

    • RHACM 2.3.8 images (Bugzilla #2062316)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2022-22825",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-22825",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-411551",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22825",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-22825",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22825",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-22825",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22825",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411551",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22825",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by a boundary error in the lookup in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5073-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nFebruary 12, 2022                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : expat\nCVE ID         : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827\n                 CVE-2022-23852 CVE-2022-23990\nDebian Bug     : 1002994 1003474\n\nSeveral vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary, which could result in denial of service or potentially the\nexecution of arbitrary code, if a malformed XML file is processed. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide some security fixes and bug fixes. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature  authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:1069-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1069\nIssue date:        2022-03-28\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22825"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22825",
            "trust": 3.4
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04542",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411551",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22825",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22825"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          }
        ]
      },
      "id": "VAR-202201-0372",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T19:57:38.857000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SSA-484086 Hitachi Server / Client Product Security Information",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "title": "Red Hat: CVE-2022-22825",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-22825"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1730aaeace15912feb07b96b49c44c9a"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1603",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-22825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/libexpat/libexpat/pull/539"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0536"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0155"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1476"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1083"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1069"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411551"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166812"
          },
          {
            "db": "PACKETSTORM",
            "id": "166516"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411551",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22825",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22825",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411551",
            "ident": null
          },
          {
            "date": "2022-01-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22825",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-04-21T15:12:25",
            "db": "PACKETSTORM",
            "id": "166812",
            "ident": null
          },
          {
            "date": "2022-03-29T15:53:19",
            "db": "PACKETSTORM",
            "id": "166516",
            "ident": null
          },
          {
            "date": "2022-03-28T15:54:26",
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002876",
            "ident": null
          },
          {
            "date": "2022-01-10T14:12:56.847000",
            "db": "NVD",
            "id": "CVE-2022-22825",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411551",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22825",
            "ident": null
          },
          {
            "date": "2023-10-10T06:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002876",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:53.360000",
            "db": "NVD",
            "id": "CVE-2022-22825",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002876"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "arbitrary",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169217"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202201-0426

    Vulnerability from variot - Updated: 2025-05-07 21:33

    Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                           https://security.gentoo.org/
    

    Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


    Synopsis

    Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/expat < 2.4.9 >= 2.4.9

    Description

    Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

    References

    [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-24

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 .

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: mingw-expat security update Advisory ID: RHSA-2022:7811-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7811 Issue date: 2022-11-08 CVE Names: CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for mingw-expat is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat CodeReady Linux Builder (v. 8) - noarch

    1. Description:

    Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.

    The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)

    Security Fix(es):

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • expat: Stack exhaustion in doctype parsing (CVE-2022-25313)

    • expat: Integer overflow in copyString() (CVE-2022-25314)

    • expat: Integer overflow in the doProlog function (CVE-2022-23990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat CodeReady Linux Builder (v. 8):

    Source: mingw-expat-2.4.8-1.el8.src.rpm

    noarch: mingw32-expat-2.4.8-1.el8.noarch.rpm mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm mingw64-expat-2.4.8-1.el8.noarch.rpm mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4 9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9 ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M 4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF 8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i f25ydDFruA4=jL/2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0426",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "model": "communications metasolv solution",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "6.3.1"
          },
          {
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.4"
          },
          {
            "model": "oracle communications metasolv solution",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23990",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-23990",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-413433",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23990",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-23990",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23990",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-23990",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23990",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2483",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-413433",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23990",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: mingw-expat security update\nAdvisory ID:       RHSA-2022:7811-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7811\nIssue date:        2022-11-08\nCVE Names:         CVE-2022-23990 CVE-2022-25235 CVE-2022-25236\n                   CVE-2022-25313 CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for mingw-expat is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: Integer overflow in copyString() (CVE-2022-25314)\n\n* expat: Integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat CodeReady Linux Builder (v. 8):\n\nSource:\nmingw-expat-2.4.8-1.el8.src.rpm\n\nnoarch:\nmingw32-expat-2.4.8-1.el8.noarch.rpm\nmingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm\nmingw64-expat-2.4.8-1.el8.noarch.rpm\nmingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz\nlRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO\nlQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct\nDkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg\nD3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4\n9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9\ney6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M\n4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ\nsREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF\n8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX\nts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i\nf25ydDFruA4=jL/2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23990",
            "trust": 3.9
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "169777",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012804",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0741",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5749",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1795",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4460",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-413433",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "id": "VAR-202201-0426",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2025-05-07T21:33:07.954000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "title": "Expat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=180387"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2023-1882",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2023-1882"
          },
          {
            "title": "Red Hat: CVE-2022-23990",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23990"
          },
          {
            "title": "Red Hat: Important: mingw-expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2023-2280",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2280"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-028",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-028"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS-2022-232",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-23990 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/gatecheckdev/gatecheck "
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/551"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0741"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1795"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-doprolog-37397"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0596"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4460"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012804"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "date": "2023-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "date": "2022-09-30T14:56:43",
            "db": "PACKETSTORM",
            "id": "168578"
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "date": "2022-11-08T13:49:57",
            "db": "PACKETSTORM",
            "id": "169777"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "date": "2022-01-26T19:15:08.517000",
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413433"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23990"
          },
          {
            "date": "2023-10-10T06:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          },
          {
            "date": "2025-05-05T17:17:59.050000",
            "db": "NVD",
            "id": "CVE-2022-23990"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003474"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2483"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201207-0369

    Vulnerability from variot - Updated: 2025-04-11 21:40

    readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. Expat versions prior to 2.1.0 are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

    OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following:

    apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804

    AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt

    Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero

    CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea)

    Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru

    Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software

    CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

    CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075

    Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero

    EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple

    File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple

    Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero

    iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)

    ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple

    Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D

    Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D

    Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero

    IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro

    IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero

    IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero

    IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro

    Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool)

    Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero

    Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero

    kext tools Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification. CVE-ID CVE-2015-7052 : Apple

    Keychain Access Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to masquerade as the Keychain Server. Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality. CVE-ID CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi- Min Hu of Tsinghua University, and Xinhui Han of Peking University

    libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift

    libc Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

    libexpat Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in expat Description: Multiple vulnerabilities existed in expat version prior to 2.1.0. CVE-ID CVE-2012-0876 : Vincent Danen CVE-2012-1147 : Kurt Seifried CVE-2012-1148 : Kurt Seifried

    libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University

    OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

    OpenLDAP Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote unauthenticated client may be able to cause a denial of service Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation. CVE-ID CVE-2015-6908

    OpenSSH Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 CVE-2015-5334

    QuickLook Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107

    Sandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple

    Security Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

    Security Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google

    Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058

    System Integrity Protection Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7044 : MacDefender

    Installation note:

    Security Update 2015-008 is recommended for all users and improves the security of OS X. After installing this update, the QuickTime 7 web browser plug-in will no longer be enabled by default. Learn what to do if you still need this legacy plug-in. https://support.apple.com/en-us/HT205081

    OS X El Capitan v10.11.2 includes the security content of Safari 9.0.2: https://support.apple.com/en-us/HT205639

    OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

    iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn +XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz 0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36 Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T gvIdn3N1k8hWpmYDjxZd =Yi/n -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-06


                                            http://security.gentoo.org/
    

    Severity: Normal Title: Expat: Multiple vulnerabilities Date: September 24, 2012 Bugs: #280615, #303727, #407519 ID: 201209-06


    Synopsis

    Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.

    Background

    Expat is a set of XML parsing libraries. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Expat users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3"

    Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

    References

    [ 1 ] CVE-2009-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560 [ 2 ] CVE-2009-3720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720 [ 3 ] CVE-2012-0876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876 [ 4 ] CVE-2012-1147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147 [ 5 ] CVE-2012-1148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201209-06.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

    iTunes for Windows 12.6 addresses the following:

    APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0369",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "apple",
            "version": "10.11.1"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.1"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.7"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.0.0"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.4"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.6"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.8"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.5"
          },
          {
            "model": "libexpat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "1.95.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.11.0"
          },
          {
            "model": "libexpat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.0.1"
          },
          {
            "model": "expat",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "expat",
            "version": "2.1.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.11"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.8"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.7"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "2.0.0"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.4"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.6"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "2.0.1"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.1"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.2"
          },
          {
            "model": "expat",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libexpat",
            "version": "1.95.5"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9"
          },
          {
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "conferencing standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "freeflow print server 73.c5.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "voice portal sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.1"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.8.3"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1.1"
          },
          {
            "model": "clark expat",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "james",
            "version": "2.1"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "model": "aura session manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.9.3"
          },
          {
            "model": "aura system manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "model": "aura conferencing sp1 standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "freeflow print server 81.d0.73",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.2"
          },
          {
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1.0.9"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "model": "aura communication manager utility services sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.16.1.0.9.8"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura communication manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "model": "aura experience portal",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "aura sip enablement services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "proactive contact",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "websphere application server full profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.4.0"
          },
          {
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "kidd xml-rpc for c/c++",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "eric",
            "version": "1.32"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.3"
          },
          {
            "model": "aura system manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "aura system platform sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.4.0.15"
          },
          {
            "model": "aura system platform sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.3"
          },
          {
            "model": "voice portal",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.3"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.3"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "aura system platform sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura system platform",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.2"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "conferencing standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.5"
          },
          {
            "model": "websphere application server liberty profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "websphere application server full profile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0.0.52"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura sip enablement services ssp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.0.3"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.0.9.8"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "linux lts lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "solaris sru11.6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.3"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "clark expat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "james",
            "version": "2.0.1"
          },
          {
            "model": "netezza analytics",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.3.0"
          },
          {
            "model": "meeting exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "freeflow print server 91.d2.32",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "websphere application server liberty pr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.0-"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "11"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.5.0.15"
          },
          {
            "model": "aura presence services",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "aura sip enablement services sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "aura presence services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "model": "aura presence services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.3.0"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.1"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "aura sip enablement services ssp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "netezza analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.2"
          },
          {
            "model": "freeflow print server 82.d1.44",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "mac os security update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x2015"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "freeflow print server 73.d2.33",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "model": "kidd xml-rpc for c/c++",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "eric",
            "version": "1.31"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.20"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "model": "freeflow print server 93.e0.21c",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.1"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.4"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:libexpat:expat",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apple",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2012-1147",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1147",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54428",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1147",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1147",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-163",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54428",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. \nExploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. \nExpat versions prior to 2.1.0 are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008\n\nOS X El Capitan 10.11.2 and Security Update 2015-008 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.29, the most serious of which may have led to remote code\nexecution. These were addressed by updating PHP to version 5.5.30. \nCVE-ID\nCVE-2015-7803\nCVE-2015-7804\n\nAppSandbox\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may maintain access to Contacts\nafter having access revoked\nDescription:  An issue existed in the sandbox\u0027s handling of hard\nlinks. This issue was addressed through improved hardening of the app\nsandbox. \nCVE-ID\nCVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University\nPOLITEHNICA of Bucharest; Luke Deshotels and William Enck of North\nCarolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi\nof TU Darmstadt\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7108 : Ian Beer of Google Project Zero\n\nCFNetwork HTTPProtocol\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  An attacker with a privileged network position may be able\nto bypass HSTS\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and\nMuneaki Nishimura (nishimunea)\n\nCompression\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An uninitialized memory access issue existed in zlib. \nThis issue was addressed through improved memory initialization and\nadditional validation of zlib streams. \nCVE-ID\nCVE-2015-7054 : j00ru\n\nConfiguration Profiles\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local attacker may be able to install a configuration\nprofile without admin privileges\nDescription:  An issue existed when installing configuration\nprofiles. This issue was addressed through improved authorization\nchecks. \nCVE-ID\nCVE-2015-7062 : David Mulder of Dell Software\n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreMedia Playback\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of malformed media files. These issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7074 : Apple\nCVE-2015-7075\n\nDisk Images\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7110 : Ian Beer of Google Project Zero\n\nEFI\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A path validation issue existed in the kernel loader. \nThis was addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7063 : Apple\n\nFile Bookmark\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription:  A path validation issue existed in app scoped\nbookmarks. This was addressed through improved environment\nsanitization. \nCVE-ID\nCVE-2015-7071 : Apple\n\nHypervisor\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A use after free issue existed in the handling of VM\nobjects. This issue was addressed through improved memory management. \nCVE-ID\nCVE-2015-7078 : Ian Beer of Google Project Zero\n\niBooks\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription:  An XML external entity reference issue existed with\niBook parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in ImageIO. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7053 : Apple\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A null pointer dereference issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and\nJeongHoon Shin@A.D.D\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in the Intel Graphics\nDriver. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of\nTrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  An out of bounds memory access issue existed in the\nIntel Graphics Driver. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-7077 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7109 : Juwei Lin of TrendMicro\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily API. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7111 : beist and ABH of BoB\nCVE-2015-7112 : Ian Beer of Google Project Zero\n\nIOKit SCSI\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  A null pointer dereference existed in the handling of a\ncertain userclient type. This issue was addressed through improved\nvalidation. \nCVE-ID\nCVE-2015-7068 : Ian Beer of Google Project Zero\n\nIOThunderboltFamily\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference existed in\nIOThunderboltFamily\u0027s handling of certain userclient types. This\nissue was addressed through improved validation of\nIOThunderboltFamily contexts. \nCVE-ID\nCVE-2015-7067 : Juwei Lin of TrendMicro\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local application may be able to cause a denial of service\nDescription:  Multiple denial of service issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7043 : Tarjei Mandt (@kernelpool)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7083 : Ian Beer of Google Project Zero\nCVE-2015-7084 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  An issue existed in the parsing of mach messages. This\nissue was addressed through improved validation of mach messages. \nCVE-ID\nCVE-2015-7047 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A validation issue existed during the loading of kernel\nextensions. This issue was addressed through additional verification. \nCVE-ID\nCVE-2015-7052 : Apple\n\nKeychain Access\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may be able to masquerade as the\nKeychain Server. \nDescription:  An issue existed in how Keychain Access interacted with\nKeychain Agent. This issue was resolved by removing legacy\nfunctionality. \nCVE-ID\nCVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University\nBloomington, Xiaolong Bai of Indiana University Bloomington and\nTsinghua University, Tongxin Li of Peking University, Kai Chen of\nIndiana University Bloomington and Institute of Information\nEngineering, Xiaojing Liao of Georgia Institute of Technology, Shi-\nMin Hu of Tsinghua University, and Xinhui Han of Peking University\n\nlibarchive\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in the processing of\narchives. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2011-2895 : @practicalswift\n\nlibc\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription:  Multiple buffer overflows existed in the C standard\nlibrary. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-7038\nCVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Multiple vulnerabilities in expat\nDescription:  Multiple vulnerabilities existed in expat version prior\nto 2.1.0. \nCVE-ID\nCVE-2012-0876 : Vincent Danen\nCVE-2012-1147 : Kurt Seifried\nCVE-2012-1148 : Kurt Seifried\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory corruption issue existed in the parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\n\nOpenGL\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in OpenGL. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7064 : Apple\nCVE-2015-7065 : Apple\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nOpenLDAP\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A remote unauthenticated client may be able to cause a\ndenial of service\nDescription:  An input validation issue existed in OpenLDAP. This\nissue was addressed through improved input validation. \nCVE-ID\nCVE-2015-6908\n\nOpenSSH\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333\nCVE-2015-5334\n\nQuickLook\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7107\n\nSandbox\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application with root privileges may be able to\nbypass kernel address space layout randomization\nDescription:  An insufficient privilege separation issue existed in\nxnu. This issue was addressed by improved authorization checks. \nCVE-ID\nCVE-2015-7046 : Apple\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  A memory corruption issue existed in handling SSL\nhandshakes. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7073 : Benoit Foucher of ZeroC, Inc. \n\nSecurity\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the ASN.1\ndecoder. These issues were addressed through improved input\nvalidation\nCVE-ID\nCVE-2015-7059 : David Keeler of Mozilla\nCVE-2015-7060 : Tyson Smith of Mozilla\nCVE-2015-7061 : Ryan Sleevi of Google\n\nSecurity\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription:  An issue existed in the validation of access control\nlists for keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-7058\n\nSystem Integrity Protection\nAvailable for:  OS X El Capitan v10.11 and v10.11.1\nImpact:  A malicious application with root privileges may be able to\nexecute arbitrary code with system privileges\nDescription:  A privilege issue existed in handling union mounts. \nThis issue was addressed by improved authorization checks. \nCVE-ID\nCVE-2015-7044 : MacDefender\n\nInstallation note:\n\nSecurity Update 2015-008 is recommended for all users and improves the\nsecurity of OS X. After installing this update, the QuickTime 7 web \nbrowser plug-in will no longer be enabled by default. Learn what to \ndo if you still need this legacy plug-in. \nhttps://support.apple.com/en-us/HT205081\n\nOS X El Capitan v10.11.2 includes the security content of\nSafari 9.0.2: https://support.apple.com/en-us/HT205639\n\nOS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j\nPE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn\n+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ\njtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz\n0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g\nOjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s\nIma2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36\nNum/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB\nBhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY\nZ9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx\nrfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T\ngvIdn3N1k8hWpmYDjxZd\n=Yi/n\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201209-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Expat: Multiple vulnerabilities\n     Date: September 24, 2012\n     Bugs: #280615, #303727, #407519\n       ID: 201209-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Expat, possibly resulting\nin Denial of Service. \n\nBackground\n==========\n\nExpat is a set of XML parsing libraries. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/expat-2.1.0_beta3\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3560\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560\n[ 2 ] CVE-2009-3720\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720\n[ 3 ] CVE-2012-0876\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876\n[ 4 ] CVE-2012-1147\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147\n[ 5 ] CVE-2012-1148\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-28-2 Additional information for\nAPPLE-SA-2017-03-22-1 iTunes for Windows 12.6\n\niTunes for Windows 12.6 addresses the following:\n\nAPNs Server\nAvailable for:  Windows 7 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A client certificate was sent in plaintext",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "116804"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1147",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "52379",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1034344",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97526033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-54428",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134748",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141808",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116804",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141796",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141937",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "116804"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "id": "VAR-201207-0369",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T21:40:55.900000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "title": "HT205637",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT205637"
          },
          {
            "title": "HT205637",
            "trust": 0.8,
            "url": "http://support.apple.com/ja-jp/HT205637"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.libexpat.org/"
          },
          {
            "title": "found a resource leak - ID: 2895533",
            "trust": 0.8,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2895533\u0026group_id=10127\u0026atid=110127"
          },
          {
            "title": "expat 2.1.0",
            "trust": 0.8,
            "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
          },
          {
            "title": "Diff of /expat/xmlwf/readfilemap.c",
            "trust": 0.8,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14\u0026r2=1.15"
          },
          {
            "title": "expat-win32bin-2.1.0",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43625"
          },
          {
            "title": "expat-2.1.0",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43626"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/52379"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht205637"
          },
          {
            "trust": 1.7,
            "url": "http://trac.wxwidgets.org/ticket/11194"
          },
          {
            "trust": 1.7,
            "url": "http://trac.wxwidgets.org/ticket/11432"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034344"
          },
          {
            "trust": 1.6,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2895533\u0026group_id=10127\u0026atid=110127"
          },
          {
            "trust": 1.6,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14\u0026r2=1.15"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1147"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97526033/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1147"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147"
          },
          {
            "trust": 0.4,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.4,
            "url": "https://gpgtools.org"
          },
          {
            "trust": 0.4,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560"
          },
          {
            "trust": 0.3,
            "url": "http://expat.sourceforge.net/"
          },
          {
            "trust": 0.3,
            "url": "http://xmlrpc-c.sourceforge.net/change.html"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100165124"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024076"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989336"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992933"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988026"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994401"
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/security/advisories/vmsa-2012-0016.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
          },
          {
            "trust": 0.3,
            "url": "https://www.apple.com/itunes/download/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14\u0026amp;r2=1.15"
          },
          {
            "trust": 0.1,
            "url": "http://sourceforge.net/tracker/?func=detail\u0026amp;aid=2895533\u0026amp;group_id=10127\u0026amp;atid=110127"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3807"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7052"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7045"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7044"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7047"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7046"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7060"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7043"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7058"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7053"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6908"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7042"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7059"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7001"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7039"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7054"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7063"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7062"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht205081"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht205639"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7061"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7038"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3560"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1147"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1148"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3720"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201209-06.xml"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2480"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2479"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2463"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "116804"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "db": "PACKETSTORM",
            "id": "116804"
          },
          {
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "date": "2012-03-09T00:00:00",
            "db": "BID",
            "id": "52379"
          },
          {
            "date": "2012-07-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "date": "2015-12-10T17:16:36",
            "db": "PACKETSTORM",
            "id": "134748"
          },
          {
            "date": "2017-03-24T14:54:06",
            "db": "PACKETSTORM",
            "id": "141808"
          },
          {
            "date": "2012-09-24T15:03:31",
            "db": "PACKETSTORM",
            "id": "116804"
          },
          {
            "date": "2017-03-23T16:22:29",
            "db": "PACKETSTORM",
            "id": "141796"
          },
          {
            "date": "2017-03-28T23:44:44",
            "db": "PACKETSTORM",
            "id": "141937"
          },
          {
            "date": "2012-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "date": "2012-07-03T19:55:02.663000",
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54428"
          },
          {
            "date": "2017-03-29T03:01:00",
            "db": "BID",
            "id": "52379"
          },
          {
            "date": "2015-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1147"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Expat of  readfilemap.c Service disruption in  ( File descriptor consumption ) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002978"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "52379"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-163"
          }
        ],
        "trust": 0.9
      }
    }