VAR-202302-0482

Vulnerability from variot - Updated: 2025-12-19 20:52

A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304)

A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. (CVE-2023-0215)

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow a malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service.

In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Bug Fix(es):

  • Requested TSC frequency outside tolerance range & TSC scaling not supported (BZ#2151169)

  • User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" (BZ#2160673)

  • 4.11.4 containers (BZ#2173835)

  • VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193)

Bugs fixed (https://bugzilla.redhat.com/):

  • 2151169 - Requested TSC frequency outside tolerance range & TSC scaling not supported
  • 2160673 - User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io"
  • 2173835 - 4.11.4 containers
  • 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • 2218193 - VMI with x86_Icelake fail when mpx feature is missing

Ubuntu Security Notice USN-6564-1

January 03, 2024

nodejs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description:

  • nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304)

CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215)

David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286)

Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:

  • libnode-dev 12.22.9~dfsg-1ubuntu3.3
  • libnode72 12.22.9~dfsg-1ubuntu3.3
  • nodejs 12.22.9~dfsg-1ubuntu3.3

In general, a standard system update will make all the necessary changes.

Bugs fixed (https://bugzilla.redhat.com/):

  • 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
  • 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

JIRA issues fixed (https://issues.redhat.com/):

  • OSSM-4197 - [maistra-2.2] CNI installer fails if /etc/cni/multus/net.d/ doesn't exist
  • OSSM-4222 - Update 2.2 base image
  • OSSM-4289 - Release Kiali container v1.48 for OSSM 2.2

Bugs fixed (https://bugzilla.redhat.com/):

  • 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
  • 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
  • 2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
  • 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

JIRA issues fixed (https://issues.jboss.org/):

  • MTA-118 - Automated tagging of resources with Windup
  • MTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable
  • MTA-129 - User field in Manage Import is empty
  • MTA-160 - [Upstream] Maven Repositories "No QueryClient set, use QueryClientProvider to set one"
  • MTA-204 - Every http request made to tagtypes returns HTTP Status 404
  • MTA-256 - Update application import template
  • MTA-260 - [Regression] Application import through OOTB import template fails
  • MTA-261 - [Regression] UI incorrectly reports target applications have in-progress/complete assessment
  • MTA-263 - [Regression] Discard assessment option present even when assessment is not complete
  • MTA-267 - Analysis EAP targets should include eap8
  • MTA-268 - RFE: Automated Tagging details to add on Review analysis details page
  • MTA-279 - All types of Source analysis is failing in MTA 6.1.0
  • MTA-28 - Success Alert is not displayed when subsequent analysis are submitted
  • MTA-282 - Discarding review results in 404 error
  • MTA-283 - Sorting broken on Application inventory page
  • MTA-284 - HTML reports download with no files in reports and stats folders
  • MTA-29 - Asterisk on Description while creating a credentials should be removed
  • MTA-297 - [Custom migration targets] Cannot upload JPG file as an icon
  • MTA-298 - [Custom migration targets] Unclear error when uploading image greater than 1Mb of size
  • MTA-299 - [RFE][Custom migration targets] Assign an icon: Add image max size in the note under the image name
  • MTA-300 - [Custom rules] Cannot upload more than one rules file
  • MTA-303 - [UI][Custom migration targets] The word "Please" should be removed from the error message about existing custom target name
  • MTA-304 - [Custom rules] Failed analysis when retrieving custom rules files from a repository
  • MTA-306 - MTA allows the uploading of multiple binaries for analysis
  • MTA-311 - MTA operator fails to reconcile on a clean (non-upgrade) install
  • MTA-314 - PVCs may not provision if storageClassName is not set.
  • MTA-330 - With auth disabled, 'username' seen in the persona dropdown
  • MTA-332 - Tagging: Few Tags are highlighted with color
  • MTA-34 - Cannot filter by Business Service when copying assessments
  • MTA-345 - [Custom migration targets] Error message "imageID must be defined" is displayed when uploading image
  • MTA-35 - Only the first notification is displayed when discarding multiple copied assessments
  • MTA-350 - Maven Central links from the dependencies tab in reports seem to be broken
  • MTA-351 - AspectJ is not identified as an Open Source Library
  • MTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear
  • MTA-363 - [UI][Custom migration targets] "Repository type" field name is missing
  • MTA-364 - [Custom migration targets] Unknown image file when editing a custom migration target
  • MTA-366 - Tagging: For no tags attached "filter by" can be improved
  • MTA-367 - [Custom migration targets] Cannot use a custom migration target in analysis
  • MTA-369 - Custom migration targets: HTML elements are duplicated
  • MTA-375 - Run button does not execute the analysis
  • MTA-377 - [UI][Custom rules] Custom rules screen of the analysis configuration wizard is always marked as required
  • MTA-378 - [UI][Custom rules] Info message on the Custom rules screen is not updated
  • MTA-38 - Only the first notification is displayed when multiple files are imported.
  • MTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed
  • MTA-382 - Custom Rules: Sometimes able to upload duplicate rules files
  • MTA-388 - CSV reports download empty when enabling the option after an analysis
  • MTA-389 - [Custom rules in Analysis] Failed analysis when retrieving custom rules files from a private repository
  • MTA-391 - [Custom rules in Analysis] Targets from uploaded rules file are not removed once the file is removed
  • MTA-392 - Unable to see all custom migration targets when using a vertical monitor
  • MTA-41 - [UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off
  • MTA-412 - Display alert message before reviewing an already reviewed application
  • MTA-428 - [Custom Rules] MTA analysis custom rules conflict message
  • MTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected
  • MTA-438 - Tagging: Retrieving tags needs a loading indicator
  • MTA-439 - [Regression][Custom rules] Failed to run analysis with custom rules from a repository
  • MTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed
  • MTA-50 - RFE: Replace the MTA acronym in the title with "Migration Toolkit for Applications"
  • MTA-51 - RFE: " Select the list of packages to be analyzed manually" to modify the title
  • MTA-52 - [RFE] We can change "Not associated artifact" to "No associated artifact"
  • MTA-55 - Can't choose a custom rule via a file explorer(mac OS finder) in Tackle 2.0
  • MTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability [mta-6.0]
  • MTA-99 - Unable to use root path during checking for maven dependencies

Description:

Multicluster Engine for Kubernetes 2.1.6 images

Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Jira issue addressed:

ACM-3513: MCE 2.1.6 images

Security fix(es):

  • CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

Solution:

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce

Bugs fixed (https://bugzilla.redhat.com/):

  • 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

JIRA issues fixed (https://issues.jboss.org/):

  • ACM-3513 - MCE 2.1.6 Images

Clusters and applications are all visible and managed from a single console—with security policy built in.

Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
  • expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)
  • curl: HSTS bypass via IDN (CVE-2022-43551)
  • curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
  • curl: HSTS ignored on multiple requests (CVE-2023-23914)
  • curl: HSTS amnesia with --parallel (CVE-2023-23915)
  • curl: HTTP multi-header compression denial of service (CVE-2023-23916)
  • httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
  • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
  • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
  • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
  • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

  • 2140059 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
  • 2152639 - CVE-2022-43551 curl: HSTS bypass via IDN
  • 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
  • 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
  • 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
  • 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
  • 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
  • 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
  • 2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests
  • 2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel
  • 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
  • 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
  • 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy


Red Hat Security Advisory

  • Synopsis: Moderate: OpenShift Container Platform 4.11.43 bug fix and security update
  • Advisory ID: RHSA-2023:3542-01
  • Product: Red Hat OpenShift Enterprise
  • Advisory URL: https://access.redhat.com/errata/RHSA-2023:3542
  • Issue date: 2023-06-14
  • CVE Names: CVE-2021-38561 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0361 CVE-2023-24540

Summary:

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.43. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:3541

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

  The sha values for the release are

  (For x86_64 architecture)

The image digest is sha256:d11cd63a623d33bda744f1a886d4b55710db4d68878967be2ebcd5535fafa25d

  (For s390x architecture)

The image digest is sha256:ff0182211e8d73877a69aec8a47c32f8b1e327bd4c9edad51bcffb576f8094dc

  (For ppc64le architecture)

The image digest is sha256:912d94c0fd0a61c85f9f7fea9c815bee35fa0def9c719984a625b9ba1392d403

  (For aarch64 architecture)

The image digest is sha256:724078d654fb07fc816508b70f548ada9e1241592af19e72757b7ad4d270c045


Bugs fixed (https://bugzilla.redhat.com/):

  • 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

JIRA issues fixed (https://issues.redhat.com/):

  • OCPBUGS-10719 - machines stuck in provisioned or provisioning
  • OCPBUGS-12750 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s
  • OCPBUGS-13166 - Bump to kubernetes 1.24.14
  • OCPBUGS-13661 - cluster-reader role cannot access "k8s.ovn.org" API Group resources
  • OCPBUGS-13820 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.11)
  • OCPBUGS-13916 - [4.11] container_network* metrics fail to report
  • OCPBUGS-14069 - [4.11] Fast track BZ#2196441 (Network Manager)
  • OCPBUGS-14288 - [4.11] Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
  • OCPBUGS-14564 - IPv6 interface and address missing in all pods - OCP 4.12-ec-2 BM IPI

References:

  • https://access.redhat.com/security/cve/CVE-2021-38561
  • https://access.redhat.com/security/cve/CVE-2022-4304
  • https://access.redhat.com/security/cve/CVE-2022-4450
  • https://access.redhat.com/security/cve/CVE-2023-0215
  • https://access.redhat.com/security/cve/CVE-2023-0361
  • https://access.redhat.com/security/cve/CVE-2023-24540
  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus primary server base",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "endpoint security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "7.2.40"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.8"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.8.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.3.16"
      },
      {
        "model": "sslvpn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.2.1"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.0.0"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.4.0"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.8.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1t"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.11"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.11.22"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.6.3"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zg"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.7.34"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.0"
      },
      {
        "model": "neoface monitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "istorage v300",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/data highway - server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u5f97\u9078\u8857\u30fbgcb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - definitions assistant",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/navigation platform for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "istorage t280",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec enhanced speech analysis",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/navigation platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx sip application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "esmpro/serveragent",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "istorage v100",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/file transmission server/ftp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "spoolserver/reportfiling",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "actsecure \u30dd\u30fc\u30bf\u30eb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "iot \u5171\u901a\u57fa\u76e4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "vran",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/data highway - server starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - smart device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec ai accelerator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "istorage v10e",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ix \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "db": "PACKETSTORM",
        "id": "172961"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-4304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-4304",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-4304",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-4304",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-4304",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-4304",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE. \n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection. (CVE-2022-4304)\nA use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. 
(CVE-2023-0215)\nA type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286). \n\nBug Fix(es):\n\n* Requested TSC frequency outside tolerance range \u0026 TSC scaling not\nsupported (BZ#2151169)\n\n* User cannot get resource \"virtualmachineinstances/portforward\" in API\ngroup \"subresources.kubevirt.io\" (BZ#2160673)\n\n* 4.11.4 containers (BZ#2173835)\n\n* VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2151169 - Requested TSC frequency outside tolerance range \u0026 TSC scaling not supported\n2160673 - User cannot get resource \"virtualmachineinstances/portforward\" in API group \"subresources.kubevirt.io\"\n2173835 - 4.11.4 containers\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n2218193 - VMI with x86_Icelake fail when mpx feature is missing\n\n5. 
==========================================================================\nUbuntu Security Notice USN-6564-1\nJanuary 03, 2024\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nHubert Kario discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2022-4304)\n\nCarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain\ninputs. If a user or an automated system were tricked into opening a specially\ncrafted input file, a remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-4450)\n\nOctavio Galland and Marcel B\u00f6hme discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0215)\n\nDavid Benjamin discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2023-0286)\n\nHubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. 
(CVE-2023-0401)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.3\n   libnode72                       12.22.9~dfsg-1ubuntu3.3\n   nodejs                          12.22.9~dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOSSM-4197 - [maistra-2.2] CNI installer fails if /etc/cni/multus/net.d/ doesn\u0027t exist\nOSSM-4222 - Update 2.2 base image\nOSSM-4289 - Release Kiali container v1.48 for OSSM 2.2\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding\n2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability\n2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client\n2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nMTA-118 - Automated tagging of resources with Windup\nMTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable\nMTA-129 - User field in Manage Import is empty\nMTA-160 - [Upstream] Maven Repositories \"No QueryClient set, use QueryClientProvider to set one\"\nMTA-204 - Every http request made to tagtypes returns HTTP Status 404\nMTA-256 - Update application import template\nMTA-260 - [Regression] Application import through OOTB import template fails\nMTA-261 - [Regression] UI incorrectly reports target applications have in-progress/complete assessment\nMTA-263 - [Regression] Discard assessment option present even when assessment is not complete\nMTA-267 - Analysis EAP targets should include eap8\nMTA-268 - RFE: Automated Tagging details to add on Review analysis details page\nMTA-279 - All types of Source analysis is failing in MTA 6.1.0\nMTA-28 - Success Alert is not displayed when subsequent analysis are submitted\nMTA-282 - Discarding review results in 404 error\nMTA-283 - Sorting broken on Application inventory page\nMTA-284 - HTML reports download with no files in reports and stats folders\nMTA-29 - Asterisk on Description while creating a credentials should be removed\nMTA-297 - [Custom migration targets] Cannot upload JPG file as an icon\nMTA-298 - [Custom migration targets] Unclear error when uploading image greater than 1Mb of size\nMTA-299 - [RFE][Custom migration targets] Assign an icon: Add image max size in the note under the image name\nMTA-300 - [Custom rules] Cannot upload more than one rules file\nMTA-303 - [UI][Custom migration targets] The word \"Please\" should be removed from the error message about existing custom target name\nMTA-304 - [Custom rules] Failed analysis when retrieving custom rules files from a repository\nMTA-306 - MTA allows the uploading of multiple binaries for analysis\nMTA-311 - MTA operator fails to reconcile on 
a clean (non-upgrade) install\nMTA-314 - PVCs may not provision if storageClassName is not set. \nMTA-330 - With auth disabled, \u0027username\u0027 seen in the persona dropdown\nMTA-332 - Tagging: Few Tags are highlighted with color\nMTA-34 - Cannot filter by Business Service when copying assessments\nMTA-345 - [Custom migration targets] Error message \"imageID must be defined\" is displayed when uploading image \nMTA-35 - Only the first notification is displayed when discarding multiple copied assessments\nMTA-350 - Maven Central links from the dependencies tab in reports seem to be broken\nMTA-351 - AspectJ is not identified as an Open Source Library\nMTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear\nMTA-363 - [UI][Custom migration targets] \"Repository type\" field name is missing\nMTA-364 - [Custom migration targets] Unknown image file when editing a custom migration target\nMTA-366 - Tagging: For no tags attached \"filter by\" can be improved\nMTA-367 - [Custom migration targets] Cannot use a custom migration target in analysis\nMTA-369 - Custom migration targets: HTML elements are duplicated\nMTA-375 - Run button does not execute the analysis\nMTA-377 - [UI][Custom rules] Custom rules screen of the analysis configuration wizard is always marked as required\nMTA-378 - [UI][Custom rules] Info message on the Custom rules screen is not updated\nMTA-38 - Only the first notification is displayed when multiple files are imported. 
\nMTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed\nMTA-382 - Custom Rules: Sometimes able to upload duplicate rules files\nMTA-388 - CSV reports download empty when enabling the option after an analysis\nMTA-389 - [Custom rules in Analysis] Failed analysis when retrieving custom rules files from a private repository\nMTA-391 - [Custom rules in Analysis] Targets from uploaded rules file are not removed once the file is removed\nMTA-392 - Unable to see all custom migration targets when using a vertical monitor\nMTA-41 - [UI] Failed to refresh token if Keycloak feature \"Use Refresh Tokens\" is off\nMTA-412 - Display alert message before reviewing an already reviewed application\nMTA-428 - [Custom Rules] MTA analysis custom rules conflict message\nMTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected\nMTA-438 - Tagging: Retrieving tags needs a loading indicator\nMTA-439 - [Regression][Custom rules] Failed to run analysis with custom rules from a repository \nMTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed\nMTA-50 - RFE: Replace the MTA acronym in the title with \"Migration Toolkit for Applications\"\nMTA-51 - RFE: \" Select the list of packages to be analyzed manually\" to modify the title\nMTA-52 - [RFE] We can change \"Not associated artifact\" to \"No associated artifact\"\nMTA-55 - Can\u0027t choose a custom rule via a file explorer(mac OS finder) in Tackle 2.0\nMTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability [mta-6.0]\nMTA-99 - Unable to use root path during checking for maven dependencies\n\n6. Description:\n\nMulticluster Engine for Kubernetes 2.1.6 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. 
After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nJira issue addressed:\n\nACM-3513: MCE 2.1.6 images\n\nSecurity fix(es):\n\n* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service\n(ReDoS) vulnerability\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-3513 - MCE 2.1.6 Images\n\n6. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. Summary:\n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now\navailable. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 2 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to\nin the References. 
\n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* expat: use-after free caused by overeager destruction of a shared DTD in\nXML_ExternalEntityParserCreate (CVE-2022-43680)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* expat: use-after free caused by overeager destruction of a shared DTD in\nXML_ExternalEntityParserCreate (CVE-2022-43680)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy\n(CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2140059 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate\n2152639 - CVE-2022-43551 curl: HSTS bypass via IDN\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests\n2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64\n2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.11.43 bug fix and security update\nAdvisory ID:       RHSA-2023:3542-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:3542\nIssue date:        2023-06-14\nCVE Names:         CVE-2021-38561 CVE-2022-4304 CVE-2022-4450 \n                   CVE-2023-0215 CVE-2023-0361 CVE-2023-24540 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.11.43 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.11. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof [impact]. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.11.43. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:3541\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. 
Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. \n\n      The sha values for the release are\n\n      (For x86_64 architecture)\nThe image digest is\nsha256:d11cd63a623d33bda744f1a886d4b55710db4d68878967be2ebcd5535fafa25d\n\n      (For s390x architecture)\nThe image digest is\nsha256:ff0182211e8d73877a69aec8a47c32f8b1e327bd4c9edad51bcffb576f8094dc\n\n      (For ppc64le architecture)\nThe image digest is\nsha256:912d94c0fd0a61c85f9f7fea9c815bee35fa0def9c719984a625b9ba1392d403\n\n      (For aarch64 architecture)\nThe image digest is\nsha256:724078d654fb07fc816508b70f548ada9e1241592af19e72757b7ad4d270c045\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. 
JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-10719 - machines stuck in provisioned or provisioning\nOCPBUGS-12750 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s\nOCPBUGS-13166 - Bump to kubernetes 1.24.14\nOCPBUGS-13661 - `cluster-reader` role cannot access \"k8s.ovn.org\" API Group resources\nOCPBUGS-13820 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.11)\nOCPBUGS-13916 - [4.11] container_network* metrics fail to report\nOCPBUGS-14069 - [4.11] Fast track BZ#2196441 (Network Manager)\nOCPBUGS-14288 - [4.11] Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install\nOCPBUGS-14564 - IPv6 interface and address missing in all pods - OCP 4.12-ec-2 BM IPI\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-24540\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. 
",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "db": "PACKETSTORM",
        "id": "172961"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-143-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-222-09",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-255-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-25-044-09",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-205-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-320-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-11",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-15",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-102-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-06",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-25-065-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-25-160-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-10",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-11",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-04",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97200253",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95962757",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99836374",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91482879",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98345649",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98954443",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92598492",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90056839",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91213144",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91676340",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174629",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176366",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173549",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172054",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172731",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172961",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "db": "PACKETSTORM",
        "id": "172961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "id": "VAR-202302-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2376099833333333
  },
  "last_update_date": "2025-12-19T20:52:41.589000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-135 Software product security information",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-4304"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2023-1683",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2023-1683"
      },
      {
        "title": "Debian Security Advisories: DSA-5343-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b6a11b827fe9cfaea9c113b2ad37856f"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1935",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1935"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1934",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1934"
      },
      {
        "title": "Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3092389eb9f034e4b8387a75a5ae33f8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2022-4304 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "trust": 1.0,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0003"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202402-08"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91213144/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91676340/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90056839/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98954443/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99836374/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95962757/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91482879/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98345649/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-02"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-3089"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
      },
      {
        "trust": 0.2,
        "url": "https://issues.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0767"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25881"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25881"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2023-1683.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2828"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:5103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2828"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0401"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6564-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4112"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41723"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31690"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3172"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3172"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3259"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41966"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3162"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-46364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3162"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2995"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2061"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43945"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4269"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4269"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4378"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43945"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4378"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43552"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43680"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23914"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3355"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-20001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43551"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2006-20001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43551"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24540"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "db": "PACKETSTORM",
        "id": "172961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "db": "PACKETSTORM",
        "id": "172961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2023-09-12T16:19:34",
        "db": "PACKETSTORM",
        "id": "174629"
      },
      {
        "date": "2024-01-03T14:50:24",
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "date": "2023-07-18T13:36:26",
        "db": "PACKETSTORM",
        "id": "173549"
      },
      {
        "date": "2023-04-27T18:56:06",
        "db": "PACKETSTORM",
        "id": "172054"
      },
      {
        "date": "2023-05-02T15:33:51",
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "date": "2023-05-04T14:40:25",
        "db": "PACKETSTORM",
        "id": "172144"
      },
      {
        "date": "2023-06-06T16:29:30",
        "db": "PACKETSTORM",
        "id": "172731"
      },
      {
        "date": "2023-06-16T15:54:13",
        "db": "PACKETSTORM",
        "id": "172961"
      },
      {
        "date": "2023-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2023-02-08T20:15:23.887000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2025-09-22T02:26:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2025-11-04T20:16:14.897000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176366"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 side-channel vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      }
    ],
    "trust": 0.8
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

