VAR-202202-0050
Vulnerability from variot - Updated: 2026-04-10 22:16
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#2048407)
- Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048)
- 8) - noarch
- Description:
Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.
The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: firefox security and bug fix update
Advisory ID: RHSA-2022:0824-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824
Issue date: 2022-03-10
CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486
=====================================================================
- Summary:
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
- Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)
- Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)
- expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
- expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
- expat: Integer overflow in storeRawNames() (CVE-2022-25315)
- Mozilla: Use-after-free in text reflows (CVE-2022-26381)
- Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)
- Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)
- Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
- Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more
2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework
2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing
2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode
2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass
2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows
2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm
ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm
s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
https://access.redhat.com/security/cve/CVE-2022-26381
https://access.redhat.com/security/cve/CVE-2022-26383
https://access.redhat.com/security/cve/CVE-2022-26384
https://access.redhat.com/security/cve/CVE-2022-26386
https://access.redhat.com/security/cve/CVE-2022-26387
https://access.redhat.com/security/cve/CVE-2022-26485
https://access.redhat.com/security/cve/CVE-2022-26486
https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
. 8.1) - ppc64le, x86_64
- 8.2) - aarch64, ppc64le, s390x, x86_64
3
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25235"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166453"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "PACKETSTORM",
"id": "166277"
},
{
"db": "PACKETSTORM",
"id": "166276"
},
{
"db": "PACKETSTORM",
"id": "166275"
},
{
"db": "PACKETSTORM",
"id": "166274"
}
],
"trust": 0.8
},
"cve": "CVE-2022-25235",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-25235",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-415126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-25235",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25235",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-25235",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1315",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-415126",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415126"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1315"
},
{
"db": "NVD",
"id": "CVE-2022-25235"
},
{
"db": "NVD",
"id": "CVE-2022-25235"
}
]
},
"description": {
"_id": null,
"data": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. (BZ#2048407)\n\n* Rebase package(s) to version:\nlibvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40\nHighlights and important bug fixes: consume libvirt fix for failure to\nconnect socket to \u0027/run/libvirt/virtlogd-sock\u0027 - possibly caused by too\nmany open files from libvirtd. (BZ#2057048)\n\n4. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: firefox security and bug fix update\nAdvisory ID: RHSA-2022:0824-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0824\nIssue date: 2022-03-10\nCVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 \n CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 \n CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 \n CVE-2022-26486 \n=====================================================================\n\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 91.7.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n(CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local\nusers (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks\ncannot be used any more (BZ#2030190)\n\n4. 
Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework\n2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing\n2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode\n2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass\n2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows\n2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nppc64:\nfirefox-91.7.0-3.el7_9.ppc64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-91.7.0-3.el7_9.ppc64le.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-91.7.0-3.el7_9.s390x.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.s390x.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-26381\nhttps://access.redhat.com/security/cve/CVE-2022-26383\nhttps://access.redhat.com/security/cve/CVE-2022-26384\nhttps://access.redhat.com/security/cve/CVE-2022-26386\nhttps://access.redhat.com/security/cve/CVE-2022-26387\nhttps://access.redhat.com/security/cve/CVE-2022-26485\nhttps://access.redhat.com/security/cve/CVE-2022-26486\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8.1) - ppc64le, x86_64\n\n3. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25235"
},
{
"db": "VULHUB",
"id": "VHN-415126"
},
{
"db": "PACKETSTORM",
"id": "166453"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "PACKETSTORM",
"id": "166277"
},
{
"db": "PACKETSTORM",
"id": "166276"
},
{
"db": "PACKETSTORM",
"id": "166275"
},
{
"db": "PACKETSTORM",
"id": "166274"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-25235",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/19/1",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "166453",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166348",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166275",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167226",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166500",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166296",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166983",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166437",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166414",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168578",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166703",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166845",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166638",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1507",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1861",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1579",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0785.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1295",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1023",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2024",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1069",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2607",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2476",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3299",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040715",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050424",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022033002",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070605",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032224",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060617",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032445",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052423",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031020",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031627",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031428",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031108",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042629",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022411",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072065",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072607",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041272",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1315",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166277",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166276",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166261",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166274",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166300",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-18356",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415126",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415126"
},
{
"db": "PACKETSTORM",
"id": "166453"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "PACKETSTORM",
"id": "166277"
},
{
"db": "PACKETSTORM",
"id": "166276"
},
{
"db": "PACKETSTORM",
"id": "166275"
},
{
"db": "PACKETSTORM",
"id": "166274"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1315"
},
{
"db": "NVD",
"id": "CVE-2022-25235"
}
]
},
"id": "VAR-202202-0050",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415126"
}
],
"trust": 0.7003805
},
"last_update_date": "2026-04-10T22:16:27.762000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-116",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415126"
},
{
"db": "NVD",
"id": "CVE-2022-25235"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5085"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.7,
"url": "https://github.com/libexpat/libexpat/pull/562"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1295"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040715"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2476"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032224"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166845/red-hat-security-advisory-2022-1540-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031428"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041272"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1507"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032922"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1069"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1861"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1023"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031020"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042629"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031108"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2024"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052423"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1579"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26485"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26386"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26387"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26384"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26383"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26486"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-26381"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0817"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415126"
},
{
"db": "PACKETSTORM",
"id": "166453"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "PACKETSTORM",
"id": "166277"
},
{
"db": "PACKETSTORM",
"id": "166276"
},
{
"db": "PACKETSTORM",
"id": "166275"
},
{
"db": "PACKETSTORM",
"id": "166274"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1315"
},
{
"db": "NVD",
"id": "CVE-2022-25235"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-415126",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166453",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169777",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166348",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166261",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166277",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166276",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166275",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166274",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1315",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-25235",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-415126",
"ident": null
},
{
"date": "2022-03-25T15:19:32",
"db": "PACKETSTORM",
"id": "166453",
"ident": null
},
{
"date": "2022-11-08T13:49:57",
"db": "PACKETSTORM",
"id": "169777",
"ident": null
},
{
"date": "2022-03-17T15:51:32",
"db": "PACKETSTORM",
"id": "166348",
"ident": null
},
{
"date": "2022-03-11T16:21:19",
"db": "PACKETSTORM",
"id": "166261",
"ident": null
},
{
"date": "2022-03-11T16:37:50",
"db": "PACKETSTORM",
"id": "166277",
"ident": null
},
{
"date": "2022-03-11T16:37:42",
"db": "PACKETSTORM",
"id": "166276",
"ident": null
},
{
"date": "2022-03-11T16:37:32",
"db": "PACKETSTORM",
"id": "166275",
"ident": null
},
{
"date": "2022-03-11T16:37:24",
"db": "PACKETSTORM",
"id": "166274",
"ident": null
},
{
"date": "2022-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1315",
"ident": null
},
{
"date": "2022-02-16T01:15:07.607000",
"db": "NVD",
"id": "CVE-2022-25235",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-415126",
"ident": null
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1315",
"ident": null
},
{
"date": "2025-05-05T17:18:00.623000",
"db": "NVD",
"id": "CVE-2022-25235",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1315"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Expat Code injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1315"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166453"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "PACKETSTORM",
"id": "166277"
},
{
"db": "PACKETSTORM",
"id": "166276"
},
{
"db": "PACKETSTORM",
"id": "166275"
},
{
"db": "PACKETSTORM",
"id": "166274"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.