VAR-202210-1070
Vulnerability from variot - Updated: 2025-12-22 22:47An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Issue addressed:
- RHACM 2.6.4 images (BZ# 2153382)
Security fixes:
-
CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process
-
Bugs fixed (https://bugzilla.redhat.com/):
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2153382 - RHACM 2.6.4 images
- Description:
Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent.
The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Solution:
Apply this errata by upgrading Network observability operator 1.0 to 1.1
- Bugs fixed (https://bugzilla.redhat.com/):
2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication longer being enforced
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified
- Description:
Migration Toolkit for Applications 6.0.1 Images
Security Fix(es) from Bugzilla:
-
loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
-
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
-
gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
-
glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
-
express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
-
loader-utils:Regular expression denial of service (CVE-2022-37603)
-
golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
-
json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2023:0173-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0173 Issue date: 2023-01-16 CVE Names: CVE-2022-40303 CVE-2022-40304 ==================================================================== 1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
-
libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
-
libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm libxml2-debugsource-2.9.7-15.el8_7.1.aarch64.rpm libxml2-devel-2.9.7-15.el8_7.1.aarch64.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm
ppc64le: libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm libxml2-debugsource-2.9.7-15.el8_7.1.ppc64le.rpm libxml2-devel-2.9.7-15.el8_7.1.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm
s390x: libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm libxml2-debugsource-2.9.7-15.el8_7.1.s390x.rpm libxml2-devel-2.9.7-15.el8_7.1.s390x.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm
x86_64: libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm libxml2-debugsource-2.9.7-15.el8_7.1.i686.rpm libxml2-debugsource-2.9.7-15.el8_7.1.x86_64.rpm libxml2-devel-2.9.7-15.el8_7.1.i686.rpm libxml2-devel-2.9.7-15.el8_7.1.x86_64.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: libxml2-2.9.7-15.el8_7.1.src.rpm
aarch64: libxml2-2.9.7-15.el8_7.1.aarch64.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm libxml2-debugsource-2.9.7-15.el8_7.1.aarch64.rpm python3-libxml2-2.9.7-15.el8_7.1.aarch64.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm
ppc64le: libxml2-2.9.7-15.el8_7.1.ppc64le.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm libxml2-debugsource-2.9.7-15.el8_7.1.ppc64le.rpm python3-libxml2-2.9.7-15.el8_7.1.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm
s390x: libxml2-2.9.7-15.el8_7.1.s390x.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm libxml2-debugsource-2.9.7-15.el8_7.1.s390x.rpm python3-libxml2-2.9.7-15.el8_7.1.s390x.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm
x86_64: libxml2-2.9.7-15.el8_7.1.i686.rpm libxml2-2.9.7-15.el8_7.1.x86_64.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm libxml2-debugsource-2.9.7-15.el8_7.1.i686.rpm libxml2-debugsource-2.9.7-15.el8_7.1.x86_64.rpm python3-libxml2-2.9.7-15.el8_7.1.x86_64.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm python3-libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY8UoQ9zjgjWX9erEAQgOHQ/+Ns7MY8MsoyU3wlWkuTW5mCenVYaSQa90 nHACMcvLgOKjM61s7FTXHnvV52TKj/+kZRToW2MCOTfuLsYnP0bZ+DFLkhDxoIGR wN6X2Mgh/vtBmdLGtW8bjclpJuYLoGrjfoigFOZgXbRrKBNYLZqLPNutHzcF1IB2 hxdTDn7W+RNjCiP8+l+cTGYx0A9e1rYkCEx5B8qKfJY11/ojBTvxMf2jVnkFM9gz ZwVCDtUyO7S7B5l6OqvH9qcR8dBOMw5KpaE4wGc+RF9iYI3t68xJlB2bj21Eb1oW I4OwkkOh9i96f2XtusnTZIdJWVEMHJ3ZjM8a40nB7OzV0zSRRml61CLvLur6YAdo nxQ3bstsq2+NhK/J0pHLUaVLQxeePgvHICJBIBXRV/bFHZw3qADo08FmvcVh4y9t HSyYP6ZdofwxeR6elSke2cM57RWIcDVB8+o6ESUN4q5QMp6xjmA+82tHLmbguwyb RMTW46jCZ3tZOo5+zIXBGlwvMZGv5PDzzgjwEboxBoWTGegBdPJkNNmezj9pZcyB 0l2Uh2LtC/uPbqBFzsPy94pyEd4VoRAY5/RBS+PgLCJm4o2qsaTN75jqHpSQXgw8 CfZT3+0XnYvsYHBt8jtiVUpHJpbfh9vNNjXzcLO/JKCv8NW3So1MfV2A+mT/mDmh nCQ8kAI62fw=pLiQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents 2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets
CVE-2022-40303
Maddie Stone discovered that missing safety checks in several
functions can result in integer overflows when parsing a XML
document with the XML_PARSE_HUGE option enabled.
CVE-2022-40304
Ned Williamson and Nathan Wachholz discovered a vulnerability when
handling detection of entity reference cycles, which may result in
corrupted dictionary entries. This flaw may lead to logic errors,
including memory errors like double free flaws.
For the stable distribution (bullseye), these problems have been fixed in version 2.9.10+dfsg-6.7+deb11u3.
We recommend that you upgrade your libxml2 packages.
For the detailed security status of libxml2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libxml2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNmu0JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QPYQ/5AQtGMTA78fVUCt9lBuzBbGe5F/2jOHmP2CIlEbV3RnHtZe9wMGlcYvSq 4hDRvu8OEHmSwqHyRbghQt2oCvSLhtIhqxf0Itro5Pv8PWrhoFy6TdNX9tW+ARqz TIF93hiHeTuQO+XqkTct50KUlTB6ccZDREqx7tGK4B/8fHM+34vPca0nRpWHUaXM aUJtgGNRvO+th3qulMKGGzE2K05678D1RYngF3T/NJ0+aobfdd4dVOobyVqotF76 thwO04V54oXVNuaRUJ5ItGKcY6sLx0l0cJ+HysB93xS2TGDAZhayFkMRKTk7hfOo B08LPMnYjcbb+A1cezT+XpgcTOir+pZXuNSUuB7Q1vwERXGnhdMC0Z8hwTL5o18A h4S6fk7vPSIIOzOGkAWYQ0mjsG5c45rXDVCp4u9LwIqIEAq/pXI7UTp+kJFSRerk Q8lWBuTiwjlaaFGslANxmbPJtfS4PHFFLPnjJJArhJI0CRi5cq3Htruw/5sVgwTj Xu+d1ht/jmmNfNS4qTDBpq1wJVmpc82qrxT8uDLp1BK2nBx6tSnsDViENIPBZE3O OzmIYYCAuXvhKK4QG9H/02hBBhwSFVI/TnFzFhF8KyA95VXCYpBkUpweU0in4PuK l4/gd0lPZGeJDw7VI+p7HG5GeOA/7d+NkvwrHaHe4iShFfHYZxI\x8etg -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers container images for the release. Bugs fixed (https://bugzilla.redhat.com/):
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1330 - Allow specifying secret as pilot server cert when using CertificateAuthority: Custom OSSM-2342 - Run OSSM operator on infrastructure nodes OSSM-2371 - Kiali in read-only mode still can change the log level of the envoy proxies OSSM-2373 - Can't login to Kiali with "Error trying to get OAuth metadata" OSSM-2374 - Deleting a SMM also deletes the SMMR in OpenShift Service Mesh OSSM-2492 - Default tolerations in SMCP not passed to Jaeger OSSM-2493 - Default nodeSelector and tolerations in SMCP not passed to Kiali OSSM-3317 - Error: deployment.accessible_namespaces set to ['**']
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "libxml2",
"scope": "lt",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "2.10.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "manageability software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171025"
},
{
"db": "PACKETSTORM",
"id": "171016"
},
{
"db": "PACKETSTORM",
"id": "170753"
},
{
"db": "PACKETSTORM",
"id": "171144"
},
{
"db": "PACKETSTORM",
"id": "170555"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "PACKETSTORM",
"id": "171040"
},
{
"db": "PACKETSTORM",
"id": "171470"
}
],
"trust": 0.8
},
"cve": "CVE-2022-40304",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-40304",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40304",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-40304",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1022",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nIssue addressed:\n\n* RHACM 2.6.4 images (BZ# 2153382)\n\nSecurity fixes:\n\n* CVE-2022-24999 express: \"qs\" prototype poisoning causes the hang of the\nnode process\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2150323 - CVE-2022-24999 express: \"qs\" prototype poisoning causes the hang of the node process\n2153382 - RHACM 2.6.4 images\n\n5. Description:\n\nNetwork observability is an OpenShift operator that provides a monitoring\npipeline to collect and enrich network flows that are produced by the\nNetwork observability eBPF agent. \n\nThe operator provides dashboards, metrics, and keeps flows accessible in a\nqueryable log store, Grafana Loki. When a FlowCollector is deployed, new\ndashboards are available in the Console. Solution:\n\nApply this errata by upgrading Network observability operator 1.0 to 1.1\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication longer being enforced\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified\n\n5. Description:\n\nMigration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js\n(CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds\nwriting (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin\n(CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process\n(CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go\nserver accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nMTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod\nMTA-106 - Implement ability for windup addon image pull policy to be configurable\nMTA-122 - MTA is upgrading automatically ignoring \u0027Manual\u0027 setting\nMTA-123 - MTA Becomes unusable when running bulk binary analysis\nMTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing \nMTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1\nMTA-36 - Can\u0027t disable a proxy if it has an invalid configuration\nMTA-44 - Make RWX volumes optional. \nMTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct %\nMTA-59 - Getting error 401 if deleting many credentials quickly\nMTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter\nMTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6]\nMTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6]\nMTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6]\nMTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6]\nMTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]\nMTA-85 - CVE-2022-24999 mta-ui-container: express: \"qs\" prototype poisoning causes the hang of the node process [mta-6]\nMTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]\nMTA-96 - [UI] Maven -\u003e \"Local artifact repository\" textbox can be checked and has no tooltip\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libxml2 security update\nAdvisory ID: RHSA-2023:0173-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0173\nIssue date: 2023-01-16\nCVE Names: CVE-2022-40303 CVE-2022-40304\n====================================================================\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nlibxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.aarch64.rpm\nlibxml2-devel-2.9.7-15.el8_7.1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.ppc64le.rpm\nlibxml2-devel-2.9.7-15.el8_7.1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.s390x.rpm\nlibxml2-devel-2.9.7-15.el8_7.1.s390x.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.x86_64.rpm\nlibxml2-devel-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-devel-2.9.7-15.el8_7.1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nlibxml2-2.9.7-15.el8_7.1.src.rpm\n\naarch64:\nlibxml2-2.9.7-15.el8_7.1.aarch64.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.aarch64.rpm\npython3-libxml2-2.9.7-15.el8_7.1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.aarch64.rpm\n\nppc64le:\nlibxml2-2.9.7-15.el8_7.1.ppc64le.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.ppc64le.rpm\npython3-libxml2-2.9.7-15.el8_7.1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.7-15.el8_7.1.s390x.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.s390x.rpm\npython3-libxml2-2.9.7-15.el8_7.1.s390x.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.s390x.rpm\n\nx86_64:\nlibxml2-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-2.9.7-15.el8_7.1.x86_64.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.i686.rpm\nlibxml2-debugsource-2.9.7-15.el8_7.1.x86_64.rpm\npython3-libxml2-2.9.7-15.el8_7.1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.i686.rpm\npython3-libxml2-debuginfo-2.9.7-15.el8_7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY8UoQ9zjgjWX9erEAQgOHQ/+Ns7MY8MsoyU3wlWkuTW5mCenVYaSQa90\nnHACMcvLgOKjM61s7FTXHnvV52TKj/+kZRToW2MCOTfuLsYnP0bZ+DFLkhDxoIGR\nwN6X2Mgh/vtBmdLGtW8bjclpJuYLoGrjfoigFOZgXbRrKBNYLZqLPNutHzcF1IB2\nhxdTDn7W+RNjCiP8+l+cTGYx0A9e1rYkCEx5B8qKfJY11/ojBTvxMf2jVnkFM9gz\nZwVCDtUyO7S7B5l6OqvH9qcR8dBOMw5KpaE4wGc+RF9iYI3t68xJlB2bj21Eb1oW\nI4OwkkOh9i96f2XtusnTZIdJWVEMHJ3ZjM8a40nB7OzV0zSRRml61CLvLur6YAdo\nnxQ3bstsq2+NhK/J0pHLUaVLQxeePgvHICJBIBXRV/bFHZw3qADo08FmvcVh4y9t\nHSyYP6ZdofwxeR6elSke2cM57RWIcDVB8+o6ESUN4q5QMp6xjmA+82tHLmbguwyb\nRMTW46jCZ3tZOo5+zIXBGlwvMZGv5PDzzgjwEboxBoWTGegBdPJkNNmezj9pZcyB\n0l2Uh2LtC/uPbqBFzsPy94pyEd4VoRAY5/RBS+PgLCJm4o2qsaTN75jqHpSQXgw8\nCfZT3+0XnYvsYHBt8jtiVUpHJpbfh9vNNjXzcLO/JKCv8NW3So1MfV2A+mT/mDmh\nnCQ8kAI62fw=pLiQ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents\n2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets\n\n5. \n\nCVE-2022-40303\n\n Maddie Stone discovered that missing safety checks in several\n functions can result in integer overflows when parsing a XML\n document with the XML_PARSE_HUGE option enabled. \n\nCVE-2022-40304\n\n Ned Williamson and Nathan Wachholz discovered a vulnerability when\n handling detection of entity reference cycles, which may result in\n corrupted dictionary entries. This flaw may lead to logic errors,\n including memory errors like double free flaws. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.9.10+dfsg-6.7+deb11u3. \n\nWe recommend that you upgrade your libxml2 packages. \n\nFor the detailed security status of libxml2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNmu0JfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QPYQ/5AQtGMTA78fVUCt9lBuzBbGe5F/2jOHmP2CIlEbV3RnHtZe9wMGlcYvSq\n4hDRvu8OEHmSwqHyRbghQt2oCvSLhtIhqxf0Itro5Pv8PWrhoFy6TdNX9tW+ARqz\nTIF93hiHeTuQO+XqkTct50KUlTB6ccZDREqx7tGK4B/8fHM+34vPca0nRpWHUaXM\naUJtgGNRvO+th3qulMKGGzE2K05678D1RYngF3T/NJ0+aobfdd4dVOobyVqotF76\nthwO04V54oXVNuaRUJ5ItGKcY6sLx0l0cJ+HysB93xS2TGDAZhayFkMRKTk7hfOo\nB08LPMnYjcbb+A1cezT+XpgcTOir+pZXuNSUuB7Q1vwERXGnhdMC0Z8hwTL5o18A\nh4S6fk7vPSIIOzOGkAWYQ0mjsG5c45rXDVCp4u9LwIqIEAq/pXI7UTp+kJFSRerk\nQ8lWBuTiwjlaaFGslANxmbPJtfS4PHFFLPnjJJArhJI0CRi5cq3Htruw/5sVgwTj\nXu+d1ht/jmmNfNS4qTDBpq1wJVmpc82qrxT8uDLp1BK2nBx6tSnsDViENIPBZE3O\nOzmIYYCAuXvhKK4QG9H/02hBBhwSFVI/TnFzFhF8KyA95VXCYpBkUpweU0in4PuK\nl4/gd0lPZGeJDw7VI+p7HG5GeOA/7d+NkvwrHaHe4iShFfHYZxI\\x8etg\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Service Mesh is the Red Hat distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers container images for the release. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1330 - Allow specifying secret as pilot server cert when using CertificateAuthority: Custom\nOSSM-2342 - Run OSSM operator on infrastructure nodes\nOSSM-2371 - Kiali in read-only mode still can change the log level of the envoy proxies\nOSSM-2373 - Can\u0027t login to Kiali with \"Error trying to get OAuth metadata\"\nOSSM-2374 - Deleting a SMM also deletes the SMMR in OpenShift Service Mesh\nOSSM-2492 - Default tolerations in SMCP not passed to Jaeger\nOSSM-2493 - Default nodeSelector and tolerations in SMCP not passed to Kiali\nOSSM-3317 - Error: deployment.accessible_namespaces set to [\u0027**\u0027]\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40304"
},
{
"db": "VULHUB",
"id": "VHN-429438"
},
{
"db": "PACKETSTORM",
"id": "171025"
},
{
"db": "PACKETSTORM",
"id": "171016"
},
{
"db": "PACKETSTORM",
"id": "170753"
},
{
"db": "PACKETSTORM",
"id": "171144"
},
{
"db": "PACKETSTORM",
"id": "170555"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "PACKETSTORM",
"id": "171040"
},
{
"db": "PACKETSTORM",
"id": "169732"
},
{
"db": "PACKETSTORM",
"id": "171470"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-429438",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429438"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40304",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "170555",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169732",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169824",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169857",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170318",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169620",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170955",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170097",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170754",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1022",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0246",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1467",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5286",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6321",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5792.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0816",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1501",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5614",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1267",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5455",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1041",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1398",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "170753",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171016",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171042",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171040",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171043",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170752",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170899",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170312",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169858",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171260",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-429438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171025",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171470",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429438"
},
{
"db": "PACKETSTORM",
"id": "171025"
},
{
"db": "PACKETSTORM",
"id": "171016"
},
{
"db": "PACKETSTORM",
"id": "170753"
},
{
"db": "PACKETSTORM",
"id": "171144"
},
{
"db": "PACKETSTORM",
"id": "170555"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "PACKETSTORM",
"id": "171040"
},
{
"db": "PACKETSTORM",
"id": "169732"
},
{
"db": "PACKETSTORM",
"id": "171470"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"id": "VAR-202210-1070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429438"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:47:46.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "libxml2 Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215772"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.0
},
{
"problemtype": "CWE-611",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429438"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213531"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213533"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213534"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213535"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213536"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/21"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/24"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/25"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/26"
},
{
"trust": 1.7,
"url": "https://gitlab.gnome.org/gnome/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
},
{
"trust": 1.7,
"url": "https://gitlab.gnome.org/gnome/libxml2/-/tags"
},
{
"trust": 1.7,
"url": "https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/dec/27"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1041"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170555/red-hat-security-advisory-2023-0173-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1267"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1467"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170318/apple-security-advisory-2022-12-13-8.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1501"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213505"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5286"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170955/red-hat-security-advisory-2023-0634-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169857/apple-security-advisory-2022-11-09-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170754/red-hat-security-advisory-2023-0468-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170097/ubuntu-security-notice-usn-5760-2.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213534"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0246"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40304/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169732/debian-security-advisory-5271-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libxml2-three-vulnerabilities-39554"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169824/libxml2-attribute-parsing-double-free.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1398"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0816"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169620/gentoo-linux-security-advisory-202210-39.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6321"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5792.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5455"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5614"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-35737"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-46848"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-43680"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23521"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-41903"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2867"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2953"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2058"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2520"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2868"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2519"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2057"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2869"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2056"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42011"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-23947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0794"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-44617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4883"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3602"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-33099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3602"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-22482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22482"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21830"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36567"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0804"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0802"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/libxml2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-45061"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28861"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-48303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429438"
},
{
"db": "PACKETSTORM",
"id": "171025"
},
{
"db": "PACKETSTORM",
"id": "171016"
},
{
"db": "PACKETSTORM",
"id": "170753"
},
{
"db": "PACKETSTORM",
"id": "171144"
},
{
"db": "PACKETSTORM",
"id": "170555"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "PACKETSTORM",
"id": "171040"
},
{
"db": "PACKETSTORM",
"id": "169732"
},
{
"db": "PACKETSTORM",
"id": "171470"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429438"
},
{
"db": "PACKETSTORM",
"id": "171025"
},
{
"db": "PACKETSTORM",
"id": "171016"
},
{
"db": "PACKETSTORM",
"id": "170753"
},
{
"db": "PACKETSTORM",
"id": "171144"
},
{
"db": "PACKETSTORM",
"id": "170555"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "PACKETSTORM",
"id": "171040"
},
{
"db": "PACKETSTORM",
"id": "169732"
},
{
"db": "PACKETSTORM",
"id": "171470"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-429438"
},
{
"date": "2023-02-16T15:44:21",
"db": "PACKETSTORM",
"id": "171025"
},
{
"date": "2023-02-16T15:41:43",
"db": "PACKETSTORM",
"id": "171016"
},
{
"date": "2023-01-26T15:34:56",
"db": "PACKETSTORM",
"id": "170753"
},
{
"date": "2023-02-28T16:03:55",
"db": "PACKETSTORM",
"id": "171144"
},
{
"date": "2023-01-17T17:07:25",
"db": "PACKETSTORM",
"id": "170555"
},
{
"date": "2023-02-17T16:04:17",
"db": "PACKETSTORM",
"id": "171042"
},
{
"date": "2023-02-17T16:01:57",
"db": "PACKETSTORM",
"id": "171040"
},
{
"date": "2022-11-07T15:19:42",
"db": "PACKETSTORM",
"id": "169732"
},
{
"date": "2023-03-24T16:45:17",
"db": "PACKETSTORM",
"id": "171470"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"date": "2022-11-23T18:15:12.167000",
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-429438"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1022"
},
{
"date": "2025-04-28T20:15:19.607000",
"db": "NVD",
"id": "CVE-2022-40304"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxml2 Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1022"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.