ID

VAR-202210-0997


CVE

CVE-2022-40303


TITLE

Red Hat Security Advisory 2023-0795-01

Trust: 0.1

sources: PACKETSTORM: 171026

DESCRIPTION

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. libxml2 is an open source library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. This advisory contains bug fixes and enhancements to the Submariner container images. Security fixes: * CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags Bugs addressed: * Build Submariner 0.13.3 (ACM-2226) * Verify Submariner with OCP 4.12 (ACM-2435) * Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821) 3. Bugs fixed (https://bugzilla.redhat.com/): 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 5. JIRA issues fixed (https://issues.jboss.org/): ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode" 6. JIRA issues fixed (https://issues.jboss.org/): LOG-3533 - tls.cert, tls.key and passphrase are not passed to the fluentd configuration when forwarding logs using syslog over TLS LOG-3534 - [release-5.5] [Administrator Console] Seeing "parse error" while using Severity filter for cluster view user 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update Advisory ID: RHSA-2023:1174-01 Product: OpenShift API for Data Protection Advisory URL: https://access.redhat.com/errata/RHSA-2023:1174 Issue date: 2023-03-09 CVE Names: CVE-2021-46848 CVE-2022-1122 CVE-2022-1304 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2879 CVE-2022-2880 CVE-2022-2953 CVE-2022-4415 CVE-2022-4883 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-41715 CVE-2022-41717 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 CVE-2022-44617 CVE-2022-46285 CVE-2022-47629 CVE-2022-48303 ===================================================================== 1. Summary: OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from Bugzilla: * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC 6. References: https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1122 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2056 https://access.redhat.com/security/cve/CVE-2022-2057 https://access.redhat.com/security/cve/CVE-2022-2058 https://access.redhat.com/security/cve/CVE-2022-2519 https://access.redhat.com/security/cve/CVE-2022-2520 https://access.redhat.com/security/cve/CVE-2022-2521 https://access.redhat.com/security/cve/CVE-2022-2867 https://access.redhat.com/security/cve/CVE-2022-2868 https://access.redhat.com/security/cve/CVE-2022-2869 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-2953 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4883 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-44617 https://access.redhat.com/security/cve/CVE-2022-46285 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIUAwUBZAk/3dzjgjWX9erEAQgKPg/3Ri4q2NpruiiTlkWhpwy+dG0BuwSIKfuL kmzLCcLLAQlCsEi31S3qtFbcBl5IK4JAPRMXtN7egvfjbKorCzwPGp/IolN9FJqc SEEJ51mMBxLEPWjkuKH2Cad0QrefcaslXzGxJiUw1IngilOxhNFyniDhrr3dUdPo hvwuozHmVLVKimJ1GNpX4PWPO5flQ81LnIT2kJdhlQWYDjVZ1SLPvfyxI6WxxVl8 PceMlXGzhhSJJ0G35jGq5p96JCtwX+75gYwkuYjkPqqIUElfpRKBvrXwt+Ci6baH hg8/Jp3Hdm3YitqDjsmysRxUkfv2ufuxIsgWfMYK3duo5mJQJWEVJ5S1C/2TOgPC QNhwk2VeWHFVSojudGUH9kqrV3wT+BHK1XReKjV8++yLZIbDy5ywH/dOjbA4RAkh vdQVc8xOGqgAsSN3DkjH7LWS86qktibW+Tm+h5c8HyRrOajwKeP67to2GfnRPva5 1TNAhR0eDqy1HQ/SgE6Hkx1f2sSjfT0dpnEIMZD2+Cmp64bFlm5KoZNXLmUlTmhu vtDQtamhHlotPGV8znjMGbxpucpkzvGbTUPF1dQZo7xJP+Z8GedJLStvPhtTvN1T JaZ5PvPR9HVmjWOWpxsIll7xwx/wwfclRWH02hZj4eiNhjCnPQFWenAOfNCgus8D 4jA0TFXFMA== =24ND -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified 2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1 iOS 16.1.1 and iPadOS 16.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213505. libxml2 Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero libxml2 Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Bugs fixed (https://bugzilla.redhat.com/): 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip 6. Description: Service Binding manages the data plane for applications and backing services. JIRA issues fixed (https://issues.jboss.org/): APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717 6

Trust: 1.89

sources: NVD: CVE-2022-40303 // VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 171026 // PACKETSTORM: 171017 // PACKETSTORM: 171310 // PACKETSTORM: 171260 // PACKETSTORM: 170752 // PACKETSTORM: 169857 // PACKETSTORM: 171144 // PACKETSTORM: 171127 // PACKETSTORM: 172460

AFFECTED PRODUCTS

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.2

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.7.2

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:manageability sdkscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7.2

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.10.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.2

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.2

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6.2

Trust: 1.0

sources: NVD: CVE-2022-40303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40303
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-40303
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-40303
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: NVD: CVE-2022-40303 // NVD: CVE-2022-40303

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-429429 // NVD: CVE-2022-40303

TYPE

bypass

Trust: 0.1

sources: PACKETSTORM: 170752

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-429429

PATCH

title:Debian CVElist Bug Report Logs: libxml2: CVE-2022-40303: Integer overflows with XML_PARSE_HUGEurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5e77d7ff7e5e68d6c261fad482d55aba

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-40303

Trust: 0.1

sources: VULMON: CVE-2022-40303

EXTERNAL IDS

db:NVDid:CVE-2022-40303

Trust: 2.1

db:PACKETSTORMid:169857

Trust: 0.2

db:PACKETSTORMid:170752

Trust: 0.2

db:PACKETSTORMid:171017

Trust: 0.2

db:PACKETSTORMid:171260

Trust: 0.2

db:PACKETSTORMid:170317

Trust: 0.1

db:PACKETSTORMid:170316

Trust: 0.1

db:PACKETSTORMid:170753

Trust: 0.1

db:PACKETSTORMid:171016

Trust: 0.1

db:PACKETSTORMid:170318

Trust: 0.1

db:PACKETSTORMid:169825

Trust: 0.1

db:PACKETSTORMid:170555

Trust: 0.1

db:PACKETSTORMid:171173

Trust: 0.1

db:PACKETSTORMid:171043

Trust: 0.1

db:PACKETSTORMid:169620

Trust: 0.1

db:PACKETSTORMid:170899

Trust: 0.1

db:PACKETSTORMid:170096

Trust: 0.1

db:PACKETSTORMid:170312

Trust: 0.1

db:PACKETSTORMid:170955

Trust: 0.1

db:PACKETSTORMid:169858

Trust: 0.1

db:PACKETSTORMid:169732

Trust: 0.1

db:PACKETSTORMid:170097

Trust: 0.1

db:PACKETSTORMid:171042

Trust: 0.1

db:PACKETSTORMid:170754

Trust: 0.1

db:PACKETSTORMid:170315

Trust: 0.1

db:PACKETSTORMid:171040

Trust: 0.1

db:CNNVDid:CNNVD-202210-1031

Trust: 0.1

db:VULHUBid:VHN-429429

Trust: 0.1

db:VULMONid:CVE-2022-40303

Trust: 0.1

db:PACKETSTORMid:171026

Trust: 0.1

db:PACKETSTORMid:171310

Trust: 0.1

db:PACKETSTORMid:171144

Trust: 0.1

db:PACKETSTORMid:171127

Trust: 0.1

db:PACKETSTORMid:172460

Trust: 0.1

sources: VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 171026 // PACKETSTORM: 171017 // PACKETSTORM: 171310 // PACKETSTORM: 171260 // PACKETSTORM: 170752 // PACKETSTORM: 169857 // PACKETSTORM: 171144 // PACKETSTORM: 171127 // PACKETSTORM: 172460 // NVD: CVE-2022-40303

REFERENCES

url:https://security.netapp.com/advisory/ntap-20221209-0003/

Trust: 1.1

url:https://support.apple.com/kb/ht213531

Trust: 1.1

url:https://support.apple.com/kb/ht213533

Trust: 1.1

url:https://support.apple.com/kb/ht213534

Trust: 1.1

url:https://support.apple.com/kb/ht213535

Trust: 1.1

url:https://support.apple.com/kb/ht213536

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/21

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/24

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/25

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/26

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/27

Trust: 1.1

url:https://gitlab.gnome.org/gnome/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

Trust: 1.1

url:https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.7

url:https://issues.jboss.org/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-40303

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-40304

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-35737

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-3821

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2601

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3787

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3775

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-47629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2953

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2869

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2058

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25310

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25309

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2057

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2058

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2519

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2056

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2056

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2520

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2867

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2519

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2057

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.2

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224

Trust: 0.1

url:https://submariner.io/.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2601

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.1

url:https://submariner.io/getting-started/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2509

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0795

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30698

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30699

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4883

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-44617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2879

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1079

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41715

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-43680

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-22736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-22482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-22736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-22482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42010

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3821

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://support.apple.com/ht213505.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46175

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36567

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0215

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27664

Trust: 0.1

sources: VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 171026 // PACKETSTORM: 171017 // PACKETSTORM: 171310 // PACKETSTORM: 171260 // PACKETSTORM: 170752 // PACKETSTORM: 169857 // PACKETSTORM: 171144 // PACKETSTORM: 171127 // PACKETSTORM: 172460 // NVD: CVE-2022-40303

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 171026 // PACKETSTORM: 171017 // PACKETSTORM: 171310 // PACKETSTORM: 171260 // PACKETSTORM: 170752 // PACKETSTORM: 171144 // PACKETSTORM: 171127 // PACKETSTORM: 172460

SOURCES

db:VULHUBid:VHN-429429
db:VULMONid:CVE-2022-40303
db:PACKETSTORMid:171026
db:PACKETSTORMid:171017
db:PACKETSTORMid:171310
db:PACKETSTORMid:171260
db:PACKETSTORMid:170752
db:PACKETSTORMid:169857
db:PACKETSTORMid:171144
db:PACKETSTORMid:171127
db:PACKETSTORMid:172460
db:NVDid:CVE-2022-40303

LAST UPDATE DATE

2026-07-10T20:24:05.081000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-429429date:2023-01-11T00:00:00
db:NVDid:CVE-2022-40303date:2025-04-29T05:15:43.693

SOURCES RELEASE DATE

db:VULHUBid:VHN-429429date:2022-11-23T00:00:00
db:PACKETSTORMid:171026date:2023-02-16T15:45:25
db:PACKETSTORMid:171017date:2023-02-16T15:42:01
db:PACKETSTORMid:171310date:2023-03-09T15:14:10
db:PACKETSTORMid:171260date:2023-03-07T19:04:22
db:PACKETSTORMid:170752date:2023-01-26T15:34:49
db:PACKETSTORMid:169857date:2022-11-15T16:42:23
db:PACKETSTORMid:171144date:2023-02-28T16:03:55
db:PACKETSTORMid:171127date:2023-02-27T14:51:11
db:PACKETSTORMid:172460date:2023-05-19T14:41:19
db:NVDid:CVE-2022-40303date:2022-11-23T00:15:11.007