VAR-202205-1299
Vulnerability from variot - Updated: 2026-04-10 23:25A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. Apple tvOS is a smart TV operating system developed by Apple (Apple). tvOS 15.0 19J346 - 15.4.1 19L452 versions have a buffer error vulnerability caused by a boundary error when processing HTML content in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
iOS 15.5 and iPadOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213258.
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher
AppleGraphicsControl Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher
DriverKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher
ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
IOKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
Notes Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a large input may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal
Safari Private Browsing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher
Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: An authorization issue was addressed with improved state management. CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher
Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.5 and iPadOS 15.5". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6 xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/ XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8 YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj +1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc 1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2 mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk= =OMfW -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes Advisory ID: RHSA-2023:0795-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:0795 Issue date: 2023-02-15 CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 CVE-2022-2601 CVE-2022-3515 CVE-2022-3775 CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 CVE-2022-32149 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 =====================================================================
- Summary:
Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
- Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
This advisory contains bug fixes and enhancements to the Submariner container images.
Security fixes:
- CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
Bugs addressed:
- Build Submariner 0.13.3 (ACM-2226)
- Verify Submariner with OCP 4.12 (ACM-2435)
-
Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821)
-
Solution:
For details on how to install Submariner, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console
and
https://submariner.io/getting-started/
- Bugs fixed (https://bugzilla.redhat.com/):
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
- JIRA issues fixed (https://issues.jboss.org/):
ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode"
- References:
https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32149 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41974 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. Description:
Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. Solution:
See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
- Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2142799 - Release of OpenShift Serverless Serving 1.26.0 2142801 - Release of OpenShift Serverless Eventing 1.26.0
- Bugs fixed (https://bugzilla.redhat.com/):
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
- Summary:
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Description:
Service Binding manages the data plane for applications and backing services.
Security Fix(es):
- golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717
- Apple is aware of a report that this issue may have been actively exploited. CVE-2022-26724: Jorge A. ========================================================================== Ubuntu Security Notice USN-5457-1 June 01, 2022
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.22.04.1 libjavascriptcoregtk-4.1-0 2.36.3-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.3-0ubuntu0.22.04.1
Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.21.10.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.6"
},
{
"_id": null,
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"_id": null,
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"_id": null,
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26700"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "171127"
}
],
"trust": 0.4
},
"cve": "CVE-2022-26700",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-26700",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26700",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-26700",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3513",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
},
{
"db": "NVD",
"id": "CVE-2022-26700"
},
{
"db": "NVD",
"id": "CVE-2022-26700"
}
]
},
"description": {
"_id": null,
"data": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. Apple tvOS is a smart TV operating system developed by Apple (Apple). tvOS 15.0 19J346 - 15.4.1 19L452 versions have a buffer error vulnerability caused by a boundary error when processing HTML content in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5\n\niOS 15.5 and iPadOS 15.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213258. \n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26702: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nDriverKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGPU Drivers\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nIOKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26771: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nNotes\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a large input may lead to a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain\nCollege Of Technology Bhopal\n\nSafari Private Browsing\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-26703: Salman Syed (@slmnsd551)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2015-4142: Kostya Kortchinsky of Google Security Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for\ntheir assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.5 and iPadOS 15.5\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p\nrhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6\nxOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt\nEoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV\nTpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/\nXWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8\nYMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj\n+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc\n1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2\nmp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT\nEwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx\nWIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=\n=OMfW\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes\nAdvisory ID: RHSA-2023:0795-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0795\nIssue date: 2023-02-15\nCVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 \n CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 \n CVE-2022-2601 CVE-2022-3515 CVE-2022-3775 \n CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 \n CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 \n CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 \n CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 \n CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 \n CVE-2022-32149 CVE-2022-35737 CVE-2022-37434 \n CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 \n CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 \n CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 \n=====================================================================\n\n1. Summary:\n\nSubmariner 0.13.3 packages that fix various bugs and add various\nenhancements that are now available for Red Hat Advanced Cluster Management\nfor Kubernetes version 2.6\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nThis advisory contains bug fixes and enhancements to the Submariner\ncontainer images. \n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage\ntakes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)\n\n3. Solution:\n\nFor details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console\n\nand\n\nhttps://submariner.io/getting-started/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3\nACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12\nACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster \"kube-proxy ipvs mode\"\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2021-46848\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2601\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3775\nhttps://access.redhat.com/security/cve/CVE-2022-3787\nhttps://access.redhat.com/security/cve/CVE-2022-3821\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-30698\nhttps://access.redhat.com/security/cve/CVE-2022-30699\nhttps://access.redhat.com/security/cve/CVE-2022-32149\nhttps://access.redhat.com/security/cve/CVE-2022-35737\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-41974\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-43680\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. Description:\n\nVersion 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. Solution:\n\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.11 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2142799 - Release of OpenShift Serverless Serving 1.26.0\n2142801 - Release of OpenShift Serverless Eventing 1.26.0\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing\n\n5. Summary:\n\nAn update for service-binding-operator-bundle-container and\nservice-binding-operator-container is now available for OpenShift Developer\nTools and Services for OCP 4.9. Description:\n\nService Binding manages the data plane for applications and backing\nservices. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go\nserver accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nAPPSVC-1204 - Provisioned Service discovery\nAPPSVC-1256 - CVE-2022-41717\n\n6. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-26724: Jorge A. ==========================================================================\nUbuntu Security Notice USN-5457-1\nJune 01, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.22.04.1\n libjavascriptcoregtk-4.1-0 2.36.3-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.36.3-0ubuntu0.22.04.1\n\nUbuntu 21.10:\n libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.21.10.1\n libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.3-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.36.3-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26700"
},
{
"db": "VULHUB",
"id": "VHN-417369"
},
{
"db": "VULMON",
"id": "CVE-2022-26700"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "167194"
},
{
"db": "PACKETSTORM",
"id": "167347"
}
],
"trust": 1.71
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-417369",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417369"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-26700",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "167347",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170210",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169920",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169760",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167195",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170956",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169889",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053015",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060123",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2410",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2860",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2707",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2970",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0818",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2692",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1467",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6434",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "171026",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167185",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167194",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167193",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-417369",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171127",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417369"
},
{
"db": "VULMON",
"id": "CVE-2022-26700"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "167194"
},
{
"db": "PACKETSTORM",
"id": "167347"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
},
{
"db": "NVD",
"id": "CVE-2022-26700"
}
]
},
"id": "VAR-202205-1299",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417369"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:25:25.876000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apple tvOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193038"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "Apple: iOS 15.5 and iPadOS 15.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
},
{
"title": "Apple: watchOS 8.6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6bd411659b23f6a36cfd1c59cf69e092"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26700"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26700"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213254"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213260"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213253"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213257"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213258"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167347/ubuntu-security-notice-usn-5457-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2707"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-38480"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169920/red-hat-security-advisory-2022-7435-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1467"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2692"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2970"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2410"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169760/red-hat-security-advisory-2022-7704-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170210/red-hat-security-advisory-2022-8964-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38380"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167195/apple-security-advisory-2022-05-16-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060123"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169889/red-hat-security-advisory-2022-8054-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26700/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053015"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2860"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0818"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170956/red-hat-security-advisory-2023-0709-01.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-35737"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-46848"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26738"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26702"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26737"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26757"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26739"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213258."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4142"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-43680"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://submariner.io/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://submariner.io/getting-started/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213254."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5457-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.3-0ubuntu0.20.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417369"
},
{
"db": "VULMON",
"id": "CVE-2022-26700"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170206"
},
{
"db": "PACKETSTORM",
"id": "170759"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "167194"
},
{
"db": "PACKETSTORM",
"id": "167347"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
},
{
"db": "NVD",
"id": "CVE-2022-26700"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-417369",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-26700",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167185",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171026",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170206",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170759",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171127",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167194",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167347",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-26700",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-417369",
"ident": null
},
{
"date": "2022-05-17T16:57:57",
"db": "PACKETSTORM",
"id": "167185",
"ident": null
},
{
"date": "2023-02-16T15:45:25",
"db": "PACKETSTORM",
"id": "171026",
"ident": null
},
{
"date": "2022-12-13T17:13:48",
"db": "PACKETSTORM",
"id": "170206",
"ident": null
},
{
"date": "2023-01-27T15:03:38",
"db": "PACKETSTORM",
"id": "170759",
"ident": null
},
{
"date": "2023-02-27T14:51:11",
"db": "PACKETSTORM",
"id": "171127",
"ident": null
},
{
"date": "2022-05-17T17:06:48",
"db": "PACKETSTORM",
"id": "167194",
"ident": null
},
{
"date": "2022-06-01T17:37:25",
"db": "PACKETSTORM",
"id": "167347",
"ident": null
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3513",
"ident": null
},
{
"date": "2022-09-23T19:15:11.357000",
"db": "NVD",
"id": "CVE-2022-26700",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-417369",
"ident": null
},
{
"date": "2023-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3513",
"ident": null
},
{
"date": "2025-05-22T19:15:29.500000",
"db": "NVD",
"id": "CVE-2022-26700",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167347"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apple tvOS Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3513"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.