Details of VAR-202203-0072

ID

VAR-202203-0072

CVE

CVE-2022-22720

TITLE

Apache HTTP Server Environmental problem loophole

Trust: 0.6

sources: CNNVD: CNNVD-202203-1236

DESCRIPTION

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:1045-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1045 Issue date: 2022-03-24 CVE Names: CVE-2022-22720 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.5.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64.rpm mod_session-2.4.6-97.el7_9.5.ppc64.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.5.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm mod_session-2.4.6-97.el7_9.5.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.5.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm httpd-devel-2.4.6-97.el7_9.5.s390x.rpm httpd-tools-2.4.6-97.el7_9.5.s390x.rpm mod_session-2.4.6-97.el7_9.5.s390x.rpm mod_ssl-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm mod_ldap-2.4.6-97.el7_9.5.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 7) - noarch, x86_64 3

Trust: 1.71

sources: NVD: CVE-2022-22720 // VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // PACKETSTORM: 167188 // PACKETSTORM: 166457 // PACKETSTORM: 166528 // PACKETSTORM: 166579 // PACKETSTORM: 168072 // PACKETSTORM: 166488 // PACKETSTORM: 166501

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	apple	model:	macos	scope:	lte	version:	12.4	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.52	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0

sources: NVD: CVE-2022-22720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22720
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202203-1236
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-411396
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-22720
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-411396
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // CNNVD: CNNVD-202203-1236 // NVD: CVE-2022-22720

PROBLEMTYPE DATA

problemtype:

CWE-444

Trust: 1.1

sources: VULHUB: VHN-411396 // NVD: CVE-2022-22720

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168072 // CNNVD: CNNVD-202203-1236

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-1236

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411396

PATCH

title:	Apache HTTP Server Remediation measures for environmental problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186364	Trust: 0.6
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221080 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221173 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221102 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd24-httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221075 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221072 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221137 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221136 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221138 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221139 - Security Advisory	Trust: 0.1
title:	Red Hat:	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22720	Trust: 0.1
title:	Ubuntu Security Notice: USN-5333-2: Apache HTTP Server vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5333-1: Apache HTTP Server vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1584	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1584	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221390 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221389 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-119	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-128	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in JP1 and Hitachi IT Operations Director	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-142	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1783	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1783	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-053	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-053	Trust: 0.1
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1
title:	PROJET TUTEURE	url:	https://github.com/PierreChrd/py-projet-tut	Trust: 0.1
title:	Tier 0 Tier 1 Tier 2	url:	https://github.com/Totes5706/TotesHTB	Trust: 0.1
title:	Requirements vulnsearch-cve Usage vulnsearch Usage Test Sample	url:	https://github.com/kasem545/vulnsearch	Trust: 0.1
title:	Skynet	url:	https://github.com/bioly230/THM_Skynet	Trust: 0.1
title:	Shodan Search Script	url:	https://github.com/firatesatoglu/shodanSearch	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22720 // CNNVD: CNNVD-202203-1236

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22720	Trust: 2.5
db:	OPENWALL	id:	OSS-SECURITY/2022/03/14/3	Trust: 1.8
db:	PACKETSTORM	id:	166501	Trust: 0.8
db:	PACKETSTORM	id:	166457	Trust: 0.8
db:	PACKETSTORM	id:	168072	Trust: 0.8
db:	PACKETSTORM	id:	166528	Trust: 0.8
db:	PACKETSTORM	id:	166355	Trust: 0.7
db:	PACKETSTORM	id:	166365	Trust: 0.7
db:	PACKETSTORM	id:	167189	Trust: 0.7
db:	ICS CERT	id:	ICSA-22-132-02	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2411	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2376	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2352	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1234	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1077	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1328	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1270	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1158	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1269	Trust: 0.6
db:	PACKETSTORM	id:	166584	Trust: 0.6
db:	PACKETSTORM	id:	166803	Trust: 0.6
db:	CS-HELP	id:	SB2022032432	Trust: 0.6
db:	CS-HELP	id:	SB2022050324	Trust: 0.6
db:	CS-HELP	id:	SB2022072204	Trust: 0.6
db:	CS-HELP	id:	SB2022051316	Trust: 0.6
db:	CS-HELP	id:	SB2022031727	Trust: 0.6
db:	CS-HELP	id:	SB2022060706	Trust: 0.6
db:	CS-HELP	id:	SB2022032127	Trust: 0.6
db:	CS-HELP	id:	SB2022042138	Trust: 0.6
db:	CS-HELP	id:	SB2022041954	Trust: 0.6
db:	CS-HELP	id:	SB2022051703	Trust: 0.6
db:	CS-HELP	id:	SB2022032924	Trust: 0.6
db:	CS-HELP	id:	SB2022031416	Trust: 0.6
db:	CS-HELP	id:	SB2022031504	Trust: 0.6
db:	CS-HELP	id:	SB2022032819	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1236	Trust: 0.6
db:	PACKETSTORM	id:	167188	Trust: 0.2
db:	PACKETSTORM	id:	166488	Trust: 0.2
db:	PACKETSTORM	id:	166492	Trust: 0.1
db:	PACKETSTORM	id:	166450	Trust: 0.1
db:	PACKETSTORM	id:	167186	Trust: 0.1
db:	CNVD	id:	CNVD-2022-51061	Trust: 0.1
db:	VULHUB	id:	VHN-411396	Trust: 0.1
db:	VULMON	id:	CVE-2022-22720	Trust: 0.1
db:	PACKETSTORM	id:	166579	Trust: 0.1

sources: VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // PACKETSTORM: 167188 // PACKETSTORM: 166457 // PACKETSTORM: 166528 // PACKETSTORM: 166579 // PACKETSTORM: 168072 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // CNNVD: CNNVD-202203-1236 // NVD: CVE-2022-22720

REFERENCES

url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20220321-0001/	Trust: 1.8
url:	https://support.apple.com/kb/ht213255	Trust: 1.8
url:	https://support.apple.com/kb/ht213256	Trust: 1.8
url:	https://support.apple.com/kb/ht213257	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/38	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/35	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/33	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2022/03/14/3	Trust: 1.8
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2022-22720	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.7
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051316	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1158	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032819	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1234	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1077	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031727	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060706	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1270	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041954	Trust: 0.6
url:	https://packetstormsecurity.com/files/166584/red-hat-security-advisory-2022-1173-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166528/red-hat-security-advisory-2022-1102-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://packetstormsecurity.com/files/166803/red-hat-security-advisory-2022-1390-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2352	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031416	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2376	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1328	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2411	Trust: 0.6
url:	https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032127	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1269	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051703	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072204	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032924	Trust: 0.6
url:	https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-http-server-information-disclosure-via-unclosed-inbound-connection-37793	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22720/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042138	Trust: 0.6
url:	https://support.apple.com/en-us/ht213256	Trust: 0.6
url:	https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166457/red-hat-security-advisory-2022-1045-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031504	Trust: 0.6
url:	https://packetstormsecurity.com/files/166501/red-hat-security-advisory-2022-1075-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032432	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050324	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/444.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1049	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5333-2	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46059	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0128	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4187	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22674	Trust: 0.1
url:	https://support.apple.com/ht213256.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4192	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4136	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22675	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26706	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4166	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1045	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1102	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1138	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31813	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29404	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30556	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26377	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1072	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1075	Trust: 0.1

CREDITS

Mitsubishi Electric notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202203-1236

SOURCES

db:	VULHUB	id:	VHN-411396
db:	VULMON	id:	CVE-2022-22720
db:	PACKETSTORM	id:	167188
db:	PACKETSTORM	id:	166457
db:	PACKETSTORM	id:	166528
db:	PACKETSTORM	id:	166579
db:	PACKETSTORM	id:	168072
db:	PACKETSTORM	id:	166488
db:	PACKETSTORM	id:	166501
db:	CNNVD	id:	CNNVD-202203-1236
db:	NVD	id:	CVE-2022-22720

LAST UPDATE DATE

2025-08-11T20:10:50.679000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-11-02T00:00:00
db:	VULMON	id:	CVE-2022-22720	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202203-1236	date:	2022-08-25T00:00:00
db:	NVD	id:	CVE-2022-22720	date:	2024-11-21T06:47:18.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-03-14T00:00:00
db:	VULMON	id:	CVE-2022-22720	date:	2022-03-14T00:00:00
db:	PACKETSTORM	id:	167188	date:	2022-05-17T16:59:42
db:	PACKETSTORM	id:	166457	date:	2022-03-25T15:21:09
db:	PACKETSTORM	id:	166528	date:	2022-03-29T17:15:37
db:	PACKETSTORM	id:	166579	date:	2022-04-04T14:33:43
db:	PACKETSTORM	id:	168072	date:	2022-08-15T16:02:48
db:	PACKETSTORM	id:	166488	date:	2022-03-28T15:52:08
db:	PACKETSTORM	id:	166501	date:	2022-03-28T15:55:12
db:	CNNVD	id:	CNNVD-202203-1236	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2022-22720	date:	2022-03-14T11:15:09.083