VAR-202203-0129
Vulnerability from variot - Updated: 2026-03-09 21:08A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. macOS Exists in unspecified vulnerabilities.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-2 watchOS 8.5
watchOS 8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213193.
Accelerate Framework Available for: Apple Watch Series 3 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AppleAVD Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory corruption issue was addressed with improved validation. CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22596: an anonymous researcher CVE-2022-22640: sqrtpwn
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
libarchive Available for: Apple Watch Series 3 and later Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. CVE-2021-36976
MediaRemote Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: An access issue was addressed with improved access restrictions. CVE-2022-22670: Brandon Azad
Phone Available for: Apple Watch Series 3 and later Impact: A user may be able to bypass the Emergency SOS passcode prompt Description: This issue was addressed with improved checks. CVE-2022-22618: Yicong Ding (@AntonioDing)
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari Available for: Apple Watch Series 3 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A user interface issue was addressed. CVE-2022-22654: Abdullah Md Shaleh of take0ver
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: Apple Watch Series 3 and later Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
UIKit Available for: Apple Watch Series 3 and later Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Apple Watch Series 3 and later Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Safari We would like to acknowledge Konstantin Darutkin of FingerprintJS (fingerprintjs.com) for their assistance.
Shortcuts We would like to acknowledge Baibhav Anand Jha of Streamers Land for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
Wallet We would like to acknowledge an anonymous researcher for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0XwACgkQeC9qKD1p rhg7xg/+OVmgvQa8AfIpDqKoFyJQxRWv5eurCr0FWdtmUFmaqSZx1/gIGApxEIX9 Y2b9tEvhejRuUOkX4vpJcYvDsad6NvColSho5it16Hj3aRU3R4VseRmsVbaTwoap MQWRT+EHtB1zWOz9kGTFN6xScPVpnc18IrACQqO5SYB/ovvA6iNlee5OoQtWANd9 0Wm9/MHwVUng2MXmjeDNZ5C8cHt41W4/8brZFBqoThDeaGb+dx/KLNzlzIpN7ttC eCD2xXo6F+Q5uKUuwZHVm2g+PyV6CmeBtZYHGzGGo18fLLreBq7oUBf+KNzRxdTG x517r3SfjnwScVO/NJXa33fWHOrlNWvNwOHPsp1JgX1B/YVGSoJDIWxu3kAdOQ6b Z5ts7CIV8MOchvYG64UVO/Lt4e2/ABlkxF5vRD0k2KRIOWQh7mvTy0b4Reu2sbGF t088QoinhRgWU+JXYSUZ4Nex5lelcF9F2SlOh2CS+VmvfzatV0NiTTPTknP+2/pZ sLPO3oEmoqYczdviEtAZ3ghSrPWqqx1W2xBvnCTlteIZiIprgU/ZOcLaQiaHZ5c5 GKyxZCgguW40SzjrcdnbN9KSk+Pwta5oiKhzA43M+fl25jIic1rTvQIc91uL6/7O 9BSRyu2ZW0bfZEkgjPQF2ui4IBfZ81ayEsmh/e41JCbXnGvNFtY=K1Lq -----END PGP SIGNATURE-----
. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. Description:
Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
This advisory contains bug fixes and enhancements to the Submariner container images.
Security fixes:
- CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
Bugs addressed:
- subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
- [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
- Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
- submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
- Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
- unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
- [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
- Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
- RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
- Submariner OVN support (ACM-1358)
- Submariner Azure Console support (ACM-1388)
- ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
- Submariner on disconnected ACM #22000 (ACM-1678)
- Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
- Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
- The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
- The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
- Subctl 0.14.0 prints version "vsubctl" (ACM-2132)
- managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145)
- Add support of ARO to Submariner deployment (ACM-2150)
- The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204)
- Gateway error shown "diagnose all" tests (ACM-2206)
- Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211)
- Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
- Cannot use submariner with OSP and self signed certs (ACM-2274)
- Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
-
Subctl 0.14.1 prints version "devel" (ACM-2482)
-
Bugs fixed (https://bugzilla.redhat.com/):
2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig 2097381 - [Submariner] - Fails to increase gateway amount after deployment 2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command 2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL 2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console 2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
ACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner) ACM-2055 - Submariner gateway: Error creating AWS security group if already exists ACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner ACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention ACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check ACM-2132 - Subctl 0.14.0 prints version "vsubctl" ACM-2145 - managedclusters "local-cluster" not found and missing Submariner Broker CRD ACM-2150 - Add support of ARO to Submariner deployment ACM-2204 - [Submariner] - e2e tests execution fails for "Basic TCP connectivity" tests ACM-2206 - [Submariner] - Gateway error shown "diagnose all" tests ACM-2211 - [Submariner] - Submariner does not support cluster "kube-proxy ipvs mode" ACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings ACM-2274 - Cannot use submariner with OSP and self signed certs ACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention ACM-2482 - Subctl 0.14.1 prints version "devel"
- Bugs fixed (https://bugzilla.redhat.com/):
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
- Summary:
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12 2137304 - Location for host cluster is missing in the UI 2140208 - When editing a MigHook in the UI, the page may fail to reload 2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12 2143872 - Namespaces page in web console stuck in loading phase 2149920 - Migration fails at prebackupHooks step
- JIRA issues fixed (https://issues.jboss.org/):
MIG-1240 - Implement proposed changes for DVM support with PSAs in 4.12
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update Advisory ID: RHSA-2022:8781-01 Product: Logging Subsystem for Red Hat OpenShift Advisory URL: https://access.redhat.com/errata/RHSA-2022:8781 Issue date: 2022-12-08 CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2020-36516 CVE-2020-36518 CVE-2020-36558 CVE-2021-3640 CVE-2021-30002 CVE-2022-0168 CVE-2022-0561 CVE-2022-0562 CVE-2022-0617 CVE-2022-0854 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1184 CVE-2022-1292 CVE-2022-1304 CVE-2022-1355 CVE-2022-1586 CVE-2022-1785 CVE-2022-1852 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2078 CVE-2022-2097 CVE-2022-2509 CVE-2022-2586 CVE-2022-2639 CVE-2022-2879 CVE-2022-2880 CVE-2022-2938 CVE-2022-3515 CVE-2022-20368 CVE-2022-21499 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-22844 CVE-2022-23960 CVE-2022-24448 CVE-2022-25255 CVE-2022-26373 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-27664 CVE-2022-27950 CVE-2022-28390 CVE-2022-28893 CVE-2022-29581 CVE-2022-30293 CVE-2022-32189 CVE-2022-34903 CVE-2022-36946 CVE-2022-37434 CVE-2022-37603 CVE-2022-39399 CVE-2022-41715 CVE-2022-42003 CVE-2022-42004 =====================================================================
- Summary:
Logging Subsystem 5.5.5 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Logging Subsystem 5.5.5 - Red Hat OpenShift
Security Fixe(s):
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
-
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)
-
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
-
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
-
loader-utils: Regular expression denial of service (CVE-2022-37603)
-
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config
- References:
https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2020-36516 https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2020-36558 https://access.redhat.com/security/cve/CVE-2021-3640 https://access.redhat.com/security/cve/CVE-2021-30002 https://access.redhat.com/security/cve/CVE-2022-0168 https://access.redhat.com/security/cve/CVE-2022-0561 https://access.redhat.com/security/cve/CVE-2022-0562 https://access.redhat.com/security/cve/CVE-2022-0617 https://access.redhat.com/security/cve/CVE-2022-0854 https://access.redhat.com/security/cve/CVE-2022-0865 https://access.redhat.com/security/cve/CVE-2022-0891 https://access.redhat.com/security/cve/CVE-2022-0908 https://access.redhat.com/security/cve/CVE-2022-0909 https://access.redhat.com/security/cve/CVE-2022-0924 https://access.redhat.com/security/cve/CVE-2022-1016 https://access.redhat.com/security/cve/CVE-2022-1048 https://access.redhat.com/security/cve/CVE-2022-1055 https://access.redhat.com/security/cve/CVE-2022-1184 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1355 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1852 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2078 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2586 https://access.redhat.com/security/cve/CVE-2022-2639 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-2938 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-20368 https://access.redhat.com/security/cve/CVE-2022-21499 https://access.redhat.com/security/cve/CVE-2022-21618 https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-22844 https://access.redhat.com/security/cve/CVE-2022-23960 https://access.redhat.com/security/cve/CVE-2022-24448 https://access.redhat.com/security/cve/CVE-2022-25255 https://access.redhat.com/security/cve/CVE-2022-26373 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-27950 https://access.redhat.com/security/cve/CVE-2022-28390 https://access.redhat.com/security/cve/CVE-2022-28893 https://access.redhat.com/security/cve/CVE-2022-29581 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-36946 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-37603 https://access.redhat.com/security/cve/CVE-2022-39399 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "170898"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "170162"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-22662",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-411290",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22662",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22662",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22662",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22662",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-411290",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. macOS Exists in unspecified vulnerabilities.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-2 watchOS 8.5\n\nwatchOS 8.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213193. \n\nAccelerate Framework\nAvailable for: Apple Watch Series 3 and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAppleAVD\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22666: Marc Schoenefeld, Dr. rer. nat. \n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22596: an anonymous researcher\nCVE-2022-22640: sqrtpwn\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nlibarchive\nAvailable for: Apple Watch Series 3 and later\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nCVE-2021-36976\n\nMediaRemote\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-22670: Brandon Azad\n\nPhone\nAvailable for: Apple Watch Series 3 and later\nImpact: A user may be able to bypass the Emergency SOS passcode\nprompt\nDescription: This issue was addressed with improved checks. \nCVE-2022-22618: Yicong Ding (@AntonioDing)\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: Apple Watch Series 3 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A user interface issue was addressed. \nCVE-2022-22654: Abdullah Md Shaleh of take0ver\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: Apple Watch Series 3 and later\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nUIKit\nAvailable for: Apple Watch Series 3 and later\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nSafari\nWe would like to acknowledge Konstantin Darutkin of FingerprintJS\n(fingerprintjs.com) for their assistance. \n\nShortcuts\nWe would like to acknowledge Baibhav Anand Jha of Streamers Land for\ntheir assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWallet\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641 To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\". Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0XwACgkQeC9qKD1p\nrhg7xg/+OVmgvQa8AfIpDqKoFyJQxRWv5eurCr0FWdtmUFmaqSZx1/gIGApxEIX9\nY2b9tEvhejRuUOkX4vpJcYvDsad6NvColSho5it16Hj3aRU3R4VseRmsVbaTwoap\nMQWRT+EHtB1zWOz9kGTFN6xScPVpnc18IrACQqO5SYB/ovvA6iNlee5OoQtWANd9\n0Wm9/MHwVUng2MXmjeDNZ5C8cHt41W4/8brZFBqoThDeaGb+dx/KLNzlzIpN7ttC\neCD2xXo6F+Q5uKUuwZHVm2g+PyV6CmeBtZYHGzGGo18fLLreBq7oUBf+KNzRxdTG\nx517r3SfjnwScVO/NJXa33fWHOrlNWvNwOHPsp1JgX1B/YVGSoJDIWxu3kAdOQ6b\nZ5ts7CIV8MOchvYG64UVO/Lt4e2/ABlkxF5vRD0k2KRIOWQh7mvTy0b4Reu2sbGF\nt088QoinhRgWU+JXYSUZ4Nex5lelcF9F2SlOh2CS+VmvfzatV0NiTTPTknP+2/pZ\nsLPO3oEmoqYczdviEtAZ3ghSrPWqqx1W2xBvnCTlteIZiIprgU/ZOcLaQiaHZ5c5\nGKyxZCgguW40SzjrcdnbN9KSk+Pwta5oiKhzA43M+fl25jIic1rTvQIc91uL6/7O\n9BSRyu2ZW0bfZEkgjPQF2ui4IBfZ81ayEsmh/e41JCbXnGvNFtY=K1Lq\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. Description:\n\nVersion 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nThis advisory contains bug fixes and enhancements to the Submariner\ncontainer images. \n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending\nGOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward\nunparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing\nregexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory\ngrowth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ#\n2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ#\n2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup\ncommand (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API\nURL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying\nManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n(BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n(BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller\nLoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists\n(ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling\nsubmariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming\nconvention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check\n(ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker\nCRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests\n(ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings\n(ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing\nconvention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig\n2097381 - [Submariner] - Fails to increase gateway amount after deployment\n2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command\n2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL\n2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner)\nACM-2055 - Submariner gateway: Error creating AWS security group if already exists\nACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner\nACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention\nACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check\nACM-2132 - Subctl 0.14.0 prints version \"vsubctl\"\nACM-2145 - managedclusters \"local-cluster\" not found and missing Submariner Broker CRD\nACM-2150 - Add support of ARO to Submariner deployment\nACM-2204 - [Submariner] - e2e tests execution fails for \"Basic TCP connectivity\" tests\nACM-2206 - [Submariner] - Gateway error shown \"diagnose all\" tests\nACM-2211 - [Submariner] - Submariner does not support cluster \"kube-proxy ipvs mode\"\nACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings\nACM-2274 - Cannot use submariner with OSP and self signed certs\nACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention\nACM-2482 - Subctl 0.14.1 prints version \"devel\"\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.6 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12\n2137304 - Location for host cluster is missing in the UI\n2140208 - When editing a MigHook in the UI, the page may fail to reload\n2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12\n2143872 - Namespaces page in web console stuck in loading phase\n2149920 - Migration fails at prebackupHooks step\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-1240 - Implement proposed changes for DVM support with PSAs in 4.12\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update\nAdvisory ID: RHSA-2022:8781-01\nProduct: Logging Subsystem for Red Hat OpenShift\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8781\nIssue date: 2022-12-08\nCVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 \n CVE-2020-36516 CVE-2020-36518 CVE-2020-36558 \n CVE-2021-3640 CVE-2021-30002 CVE-2022-0168 \n CVE-2022-0561 CVE-2022-0562 CVE-2022-0617 \n CVE-2022-0854 CVE-2022-0865 CVE-2022-0891 \n CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 \n CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 \n CVE-2022-1184 CVE-2022-1292 CVE-2022-1304 \n CVE-2022-1355 CVE-2022-1586 CVE-2022-1785 \n CVE-2022-1852 CVE-2022-1897 CVE-2022-1927 \n CVE-2022-2068 CVE-2022-2078 CVE-2022-2097 \n CVE-2022-2509 CVE-2022-2586 CVE-2022-2639 \n CVE-2022-2879 CVE-2022-2880 CVE-2022-2938 \n CVE-2022-3515 CVE-2022-20368 CVE-2022-21499 \n CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 \n CVE-2022-21626 CVE-2022-21628 CVE-2022-22624 \n CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 \n CVE-2022-22844 CVE-2022-23960 CVE-2022-24448 \n CVE-2022-25255 CVE-2022-26373 CVE-2022-26700 \n CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 \n CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 \n CVE-2022-27405 CVE-2022-27406 CVE-2022-27664 \n CVE-2022-27950 CVE-2022-28390 CVE-2022-28893 \n CVE-2022-29581 CVE-2022-30293 CVE-2022-32189 \n CVE-2022-34903 CVE-2022-36946 CVE-2022-37434 \n CVE-2022-37603 CVE-2022-39399 CVE-2022-41715 \n CVE-2022-42003 CVE-2022-42004 \n=====================================================================\n\n1. Summary:\n\nLogging Subsystem 5.5.5 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nLogging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested\nobjects (CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY\n(CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the\nencoded message is too short, potentially allowing a denial of service\n(CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2020-36516\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2020-36558\nhttps://access.redhat.com/security/cve/CVE-2021-3640\nhttps://access.redhat.com/security/cve/CVE-2021-30002\nhttps://access.redhat.com/security/cve/CVE-2022-0168\nhttps://access.redhat.com/security/cve/CVE-2022-0561\nhttps://access.redhat.com/security/cve/CVE-2022-0562\nhttps://access.redhat.com/security/cve/CVE-2022-0617\nhttps://access.redhat.com/security/cve/CVE-2022-0854\nhttps://access.redhat.com/security/cve/CVE-2022-0865\nhttps://access.redhat.com/security/cve/CVE-2022-0891\nhttps://access.redhat.com/security/cve/CVE-2022-0908\nhttps://access.redhat.com/security/cve/CVE-2022-0909\nhttps://access.redhat.com/security/cve/CVE-2022-0924\nhttps://access.redhat.com/security/cve/CVE-2022-1016\nhttps://access.redhat.com/security/cve/CVE-2022-1048\nhttps://access.redhat.com/security/cve/CVE-2022-1055\nhttps://access.redhat.com/security/cve/CVE-2022-1184\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-1355\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1852\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2078\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2586\nhttps://access.redhat.com/security/cve/CVE-2022-2639\nhttps://access.redhat.com/security/cve/CVE-2022-2879\nhttps://access.redhat.com/security/cve/CVE-2022-2880\nhttps://access.redhat.com/security/cve/CVE-2022-2938\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-20368\nhttps://access.redhat.com/security/cve/CVE-2022-21499\nhttps://access.redhat.com/security/cve/CVE-2022-21618\nhttps://access.redhat.com/security/cve/CVE-2022-21619\nhttps://access.redhat.com/security/cve/CVE-2022-21624\nhttps://access.redhat.com/security/cve/CVE-2022-21626\nhttps://access.redhat.com/security/cve/CVE-2022-21628\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-22844\nhttps://access.redhat.com/security/cve/CVE-2022-23960\nhttps://access.redhat.com/security/cve/CVE-2022-24448\nhttps://access.redhat.com/security/cve/CVE-2022-25255\nhttps://access.redhat.com/security/cve/CVE-2022-26373\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-27404\nhttps://access.redhat.com/security/cve/CVE-2022-27405\nhttps://access.redhat.com/security/cve/CVE-2022-27406\nhttps://access.redhat.com/security/cve/CVE-2022-27664\nhttps://access.redhat.com/security/cve/CVE-2022-27950\nhttps://access.redhat.com/security/cve/CVE-2022-28390\nhttps://access.redhat.com/security/cve/CVE-2022-28893\nhttps://access.redhat.com/security/cve/CVE-2022-29581\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-32189\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-36946\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-37603\nhttps://access.redhat.com/security/cve/CVE-2022-39399\nhttps://access.redhat.com/security/cve/CVE-2022-41715\nhttps://access.redhat.com/security/cve/CVE-2022-42003\nhttps://access.redhat.com/security/cve/CVE-2022-42004\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "PACKETSTORM",
"id": "166318"
},
{
"db": "PACKETSTORM",
"id": "166312"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "170898"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "170162"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22662",
"trust": 3.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/07/05/3",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166318",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166312",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170898",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170956",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170210",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166314",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169889",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170243",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170162",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "PACKETSTORM",
"id": "166318"
},
{
"db": "PACKETSTORM",
"id": "166312"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "170898"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"id": "VAR-202203-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411290"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:08:07.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213184 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33BWWAQLLBHKGSI332ZZCORTFZ2XLOIH/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-668",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213184"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213185"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2022/07/05/3"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/annhxxarvbrgi74tvqnzoag6p7agsmuj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33bwwaqllbhkgsi332zzcortfz2xloih/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27664"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-46848"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-35737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-2880"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-41715"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22638"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-43680"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32189"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33bwwaqllbhkgsi332zzcortfz2xloih/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/annhxxarvbrgi74tvqnzoag6p7agsmuj/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22666"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213193."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213185."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://submariner.io/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41974"
},
{
"trust": 0.1,
"url": "https://submariner.io/getting-started/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:9047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "PACKETSTORM",
"id": "166318"
},
{
"db": "PACKETSTORM",
"id": "166312"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "170898"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411290"
},
{
"db": "PACKETSTORM",
"id": "166318"
},
{
"db": "PACKETSTORM",
"id": "166312"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "170898"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-411290"
},
{
"date": "2022-03-15T15:48:26",
"db": "PACKETSTORM",
"id": "166318"
},
{
"date": "2022-03-15T15:45:47",
"db": "PACKETSTORM",
"id": "166312"
},
{
"date": "2023-02-10T15:49:15",
"db": "PACKETSTORM",
"id": "170956"
},
{
"date": "2023-02-08T16:00:47",
"db": "PACKETSTORM",
"id": "170898"
},
{
"date": "2022-12-13T17:13:48",
"db": "PACKETSTORM",
"id": "170206"
},
{
"date": "2023-01-27T15:03:38",
"db": "PACKETSTORM",
"id": "170759"
},
{
"date": "2022-12-15T15:35:54",
"db": "PACKETSTORM",
"id": "170243"
},
{
"date": "2022-12-08T16:34:22",
"db": "PACKETSTORM",
"id": "170162"
},
{
"date": "2023-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"date": "2022-05-26T18:15:08.913000",
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-411290"
},
{
"date": "2023-08-24T02:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-011813"
},
{
"date": "2024-11-21T06:47:13.653000",
"db": "NVD",
"id": "CVE-2022-22662"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, spoof, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166318"
}
],
"trust": 0.1
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.