VAR-202202-0081
Vulnerability from variot - Updated: 2026-03-09 22:35In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5085-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2022 https://www.debian.org/security/faq
Package : expat CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Debian Bug : 1005894 1005895
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.
For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
-
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically. 8) - noarch
-
Description:
Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.
The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 8.2) - aarch64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 =====================================================================
- Summary:
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
-
Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)
-
Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)
-
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
-
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
-
expat: Integer overflow in storeRawNames() (CVE-2022-25315)
-
Mozilla: Use-after-free in text reflows (CVE-2022-26381)
-
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)
-
Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)
-
Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
-
Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm
ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm
s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: firefox-91.7.0-3.el7_9.src.rpm
x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: firefox-91.7.0-3.el7_9.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166414"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166505"
},
{
"db": "PACKETSTORM",
"id": "166261"
}
],
"trust": 0.6
},
"cve": "CVE-2022-25315",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-25315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-415282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-25315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-25315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1615",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-415282",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-25315",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "VULMON",
"id": "CVE-2022-25315"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"description": {
"_id": null,
"data": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5085-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 22, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314\n CVE-2022-25315\nDebian Bug : 1005894 1005895\n\nSeveral vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary, which could result in denial of service or potentially the\nexecution of arbitrary code, if a malformed XML file is processed. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u2. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N\nZ0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E\nD3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK\nF50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9\n/+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8\npBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX\nOlq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv\nTCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff\nJvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV\ntL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau\nmxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E=\n=MVQQ\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: firefox security and bug fix update\nAdvisory ID: RHSA-2022:0824-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0824\nIssue date: 2022-03-10\nCVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 \n CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 \n CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 \n CVE-2022-26486 \n=====================================================================\n\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 91.7.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n(CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local\nusers (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks\ncannot be used any more (BZ#2030190)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework\n2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing\n2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode\n2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass\n2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures\n2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows\n2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nppc64:\nfirefox-91.7.0-3.el7_9.ppc64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-91.7.0-3.el7_9.ppc64le.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-91.7.0-3.el7_9.s390x.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.s390x.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-91.7.0-3.el7_9.src.rpm\n\nx86_64:\nfirefox-91.7.0-3.el7_9.x86_64.rpm\nfirefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-91.7.0-3.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/cve/CVE-2022-26381\nhttps://access.redhat.com/security/cve/CVE-2022-26383\nhttps://access.redhat.com/security/cve/CVE-2022-26384\nhttps://access.redhat.com/security/cve/CVE-2022-26386\nhttps://access.redhat.com/security/cve/CVE-2022-26387\nhttps://access.redhat.com/security/cve/CVE-2022-26485\nhttps://access.redhat.com/security/cve/CVE-2022-26486\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz\n8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S\nPzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R\n2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf\new6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9\nSUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM\n14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93\nvs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL\nc8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky\nzEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x\nLu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+\nbKcbZLzdIk8=\n=OOuA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25315"
},
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "VULMON",
"id": "CVE-2022-25315"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "166414"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166505"
},
{
"db": "PACKETSTORM",
"id": "166261"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-25315",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/19/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166414",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167226",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166296",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166500",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166453",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166983",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166254",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166348",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166275",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166437",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022031502",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040715",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050424",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022033002",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070605",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032224",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060617",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032445",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030855",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031020",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031627",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031406",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022411",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072065",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072607",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041272",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1507",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1579",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0785.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1295",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1023",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1069",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2607",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2476",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3299",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166703",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166638",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166505",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166261",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-18355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166274",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415282",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-25315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "VULMON",
"id": "CVE-2022-25315"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "166414"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166505"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"id": "VAR-202202-0081",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
}
],
"trust": 0.7003805
},
"last_update_date": "2026-03-09T22:35:30.057000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Expat Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183928"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1570",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1570"
},
{
"title": "Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5320-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-25315"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1759",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1759"
},
{
"title": "Red Hat: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221053 - Security Advisory"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221068 - Security Advisory"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221309 - Security Advisory"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221070 - Security Advisory"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221012 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5085-1 expat -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b32ad21c953fb4340d1a4cbd3394eb98"
},
{
"title": "Red Hat: Important: mingw-expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224668 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-036",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-036"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221739 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220816 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220824 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220818 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220817 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220815 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220850 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220847 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220853 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220845 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220843 - Security Advisory"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV-H security update (redhat-virtualization-host) 4.3.22",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221263 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1779",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1779"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221622 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
},
{
"title": "Red Hat: Low: Release of OpenShift Serverless Version 1.22.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS-2022-232",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-25315"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5085"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.8,
"url": "https://github.com/libexpat/libexpat/pull/559"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1295"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040715"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2476"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032224"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166254/ubuntu-security-notice-usn-5320-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041272"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1507"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032922"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1069"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1023"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25315/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031020"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031502"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030855"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1579"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1570.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5320-1"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/expat"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26381"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "VULMON",
"id": "CVE-2022-25315"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "166414"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "166505"
},
{
"db": "PACKETSTORM",
"id": "166261"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-415282",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-25315",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169228",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166516",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169541",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169777",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166505",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166261",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1615",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-25315",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-415282",
"ident": null
},
{
"date": "2022-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25315",
"ident": null
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169228",
"ident": null
},
{
"date": "2022-03-23T15:58:43",
"db": "PACKETSTORM",
"id": "166414",
"ident": null
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516",
"ident": null
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541",
"ident": null
},
{
"date": "2022-11-08T13:49:57",
"db": "PACKETSTORM",
"id": "169777",
"ident": null
},
{
"date": "2022-03-28T15:55:49",
"db": "PACKETSTORM",
"id": "166505",
"ident": null
},
{
"date": "2022-03-11T16:21:19",
"db": "PACKETSTORM",
"id": "166261",
"ident": null
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1615",
"ident": null
},
{
"date": "2022-02-18T05:15:08.237000",
"db": "NVD",
"id": "CVE-2022-25315",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-415282",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25315",
"ident": null
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1615",
"ident": null
},
{
"date": "2025-05-05T17:18:01.760000",
"db": "NVD",
"id": "CVE-2022-25315",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Expat Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1615"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…