VARIoT IoT vulnerabilities database
| VAR-202207-0588 | CVE-2022-32215 | llhttp of llhttp in products from other multiple vendors HTTP Request Smuggling Vulnerability |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update
Advisory ID: RHSA-2022:6389-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389
Issue date: 2022-09-08
CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214
CVE-2022-32215 CVE-2022-33987
====================================================================
1. Summary:
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now
available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version:
rh-nodejs14-nodejs (14.20.0).
Security Fix(es):
* nodejs: DNS rebinding in --inspect via invalid IP addresses
(CVE-2022-32212)
* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
(CVE-2022-32213)
* nodejs: HTTP request smuggling due to improper delimiting of header
fields (CVE-2022-32214)
* nodejs: HTTP request smuggling due to incorrect parsing of multi-line
Transfer-Encoding (CVE-2022-32215)
* got: missing verification of requested URLs allows redirects to UNIX
sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm
rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch:
rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm
rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
ppc64le:
rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm
rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm
s390x:
rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm
rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm
rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm
rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm
x86_64:
rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm
rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch:
rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm
rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
x86_64:
rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm
rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32212
https://access.redhat.com/security/cve/CVE-2022-32213
https://access.redhat.com/security/cve/CVE-2022-32214
https://access.redhat.com/security/cve/CVE-2022-32215
https://access.redhat.com/security/cve/CVE-2022-33987
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/
ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm
VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ
bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF
IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq
+62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM
4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M
3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91
BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI
nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX
bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz
hGdWoRKL34w\xcePC
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. 9) - aarch64, noarch, ppc64le, s390x, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5326-1 security@debian.org
https://www.debian.org/security/ Aron Xu
January 24, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nodejs
CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
CVE-2022-35255 CVE-2022-35256 CVE-2022-43548
Multiple vulnerabilities were discovered in Node.js, which could result
in HTTP request smuggling, bypass of host IP address validation and weak
randomness setup.
For the stable distribution (bullseye), these problems have been fixed in
version 12.22.12~dfsg-1~deb11u3.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8
TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp
WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd
Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW
xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9
0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf
EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2
idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w
Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7
u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu
boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH
ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-6491-1
November 21, 2023
nodejs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Node.js.
Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.
Details:
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-32212)
Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,
CVE-2022-32214, CVE-2022-32215)
It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)
It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libnode-dev 12.22.9~dfsg-1ubuntu3.2
libnode72 12.22.9~dfsg-1ubuntu3.2
nodejs 12.22.9~dfsg-1ubuntu3.2
nodejs-doc 12.22.9~dfsg-1ubuntu3.2
Ubuntu 20.04 LTS:
libnode-dev 10.19.0~dfsg-3ubuntu1.3
libnode64 10.19.0~dfsg-3ubuntu1.3
nodejs 10.19.0~dfsg-3ubuntu1.3
nodejs-doc 10.19.0~dfsg-3ubuntu1.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
nodejs 8.10.0~dfsg-2ubuntu0.4+esm4
nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4
nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Node.js: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614
ID: 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Node.js.
Background
=========
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
Affected packages
================
Package Vulnerable Unaffected
--------------- ------------ ------------
net-libs/nodejs < 16.20.2 >= 16.20.2
Description
==========
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Node.js 20 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
All Node.js 18 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
All Node.js 16 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
References
=========
[ 1 ] CVE-2020-7774
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
[ 2 ] CVE-2021-3672
https://nvd.nist.gov/vuln/detail/CVE-2021-3672
[ 3 ] CVE-2021-22883
https://nvd.nist.gov/vuln/detail/CVE-2021-22883
[ 4 ] CVE-2021-22884
https://nvd.nist.gov/vuln/detail/CVE-2021-22884
[ 5 ] CVE-2021-22918
https://nvd.nist.gov/vuln/detail/CVE-2021-22918
[ 6 ] CVE-2021-22930
https://nvd.nist.gov/vuln/detail/CVE-2021-22930
[ 7 ] CVE-2021-22931
https://nvd.nist.gov/vuln/detail/CVE-2021-22931
[ 8 ] CVE-2021-22939
https://nvd.nist.gov/vuln/detail/CVE-2021-22939
[ 9 ] CVE-2021-22940
https://nvd.nist.gov/vuln/detail/CVE-2021-22940
[ 10 ] CVE-2021-22959
https://nvd.nist.gov/vuln/detail/CVE-2021-22959
[ 11 ] CVE-2021-22960
https://nvd.nist.gov/vuln/detail/CVE-2021-22960
[ 12 ] CVE-2021-37701
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
[ 13 ] CVE-2021-37712
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
[ 14 ] CVE-2021-39134
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
[ 15 ] CVE-2021-39135
https://nvd.nist.gov/vuln/detail/CVE-2021-39135
[ 16 ] CVE-2021-44531
https://nvd.nist.gov/vuln/detail/CVE-2021-44531
[ 17 ] CVE-2021-44532
https://nvd.nist.gov/vuln/detail/CVE-2021-44532
[ 18 ] CVE-2021-44533
https://nvd.nist.gov/vuln/detail/CVE-2021-44533
[ 19 ] CVE-2022-0778
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
[ 20 ] CVE-2022-3602
https://nvd.nist.gov/vuln/detail/CVE-2022-3602
[ 21 ] CVE-2022-3786
https://nvd.nist.gov/vuln/detail/CVE-2022-3786
[ 22 ] CVE-2022-21824
https://nvd.nist.gov/vuln/detail/CVE-2022-21824
[ 23 ] CVE-2022-32212
https://nvd.nist.gov/vuln/detail/CVE-2022-32212
[ 24 ] CVE-2022-32213
https://nvd.nist.gov/vuln/detail/CVE-2022-32213
[ 25 ] CVE-2022-32214
https://nvd.nist.gov/vuln/detail/CVE-2022-32214
[ 26 ] CVE-2022-32215
https://nvd.nist.gov/vuln/detail/CVE-2022-32215
[ 27 ] CVE-2022-32222
https://nvd.nist.gov/vuln/detail/CVE-2022-32222
[ 28 ] CVE-2022-35255
https://nvd.nist.gov/vuln/detail/CVE-2022-35255
[ 29 ] CVE-2022-35256
https://nvd.nist.gov/vuln/detail/CVE-2022-35256
[ 30 ] CVE-2022-35948
https://nvd.nist.gov/vuln/detail/CVE-2022-35948
[ 31 ] CVE-2022-35949
https://nvd.nist.gov/vuln/detail/CVE-2022-35949
[ 32 ] CVE-2022-43548
https://nvd.nist.gov/vuln/detail/CVE-2022-43548
[ 33 ] CVE-2023-30581
https://nvd.nist.gov/vuln/detail/CVE-2023-30581
[ 34 ] CVE-2023-30582
https://nvd.nist.gov/vuln/detail/CVE-2023-30582
[ 35 ] CVE-2023-30583
https://nvd.nist.gov/vuln/detail/CVE-2023-30583
[ 36 ] CVE-2023-30584
https://nvd.nist.gov/vuln/detail/CVE-2023-30584
[ 37 ] CVE-2023-30586
https://nvd.nist.gov/vuln/detail/CVE-2023-30586
[ 38 ] CVE-2023-30587
https://nvd.nist.gov/vuln/detail/CVE-2023-30587
[ 39 ] CVE-2023-30588
https://nvd.nist.gov/vuln/detail/CVE-2023-30588
[ 40 ] CVE-2023-30589
https://nvd.nist.gov/vuln/detail/CVE-2023-30589
[ 41 ] CVE-2023-30590
https://nvd.nist.gov/vuln/detail/CVE-2023-30590
[ 42 ] CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
[ 43 ] CVE-2023-32003
https://nvd.nist.gov/vuln/detail/CVE-2023-32003
[ 44 ] CVE-2023-32004
https://nvd.nist.gov/vuln/detail/CVE-2023-32004
[ 45 ] CVE-2023-32005
https://nvd.nist.gov/vuln/detail/CVE-2023-32005
[ 46 ] CVE-2023-32006
https://nvd.nist.gov/vuln/detail/CVE-2023-32006
[ 47 ] CVE-2023-32558
https://nvd.nist.gov/vuln/detail/CVE-2023-32558
[ 48 ] CVE-2023-32559
https://nvd.nist.gov/vuln/detail/CVE-2023-32559
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-29
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202207-0378 | CVE-2022-32222 | Node.js Foundation of Node.js Uncontrolled Search Path Element Vulnerability in Products from Other Vendors |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. Node.js Foundation of Node.js Products from multiple other vendors are vulnerable to uncontrolled search path elements.Information may be tampered with. Node.js July 7th 2022 Security Releases: Attempt to read openssl.cnf from /home/iojs/build/ upon startup. When Node.js starts on linux based systems, it attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily doesn't exist. On some shared systems an attacker may be able create this file and therefore affect the default OpenSSL configuration for other users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Node.js: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614
ID: 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Node.js.
Background
=========
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Please review
the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Node.js 20 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
All Node.js 18 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
All Node.js 16 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
References
=========
[ 1 ] CVE-2020-7774
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
[ 2 ] CVE-2021-3672
https://nvd.nist.gov/vuln/detail/CVE-2021-3672
[ 3 ] CVE-2021-22883
https://nvd.nist.gov/vuln/detail/CVE-2021-22883
[ 4 ] CVE-2021-22884
https://nvd.nist.gov/vuln/detail/CVE-2021-22884
[ 5 ] CVE-2021-22918
https://nvd.nist.gov/vuln/detail/CVE-2021-22918
[ 6 ] CVE-2021-22930
https://nvd.nist.gov/vuln/detail/CVE-2021-22930
[ 7 ] CVE-2021-22931
https://nvd.nist.gov/vuln/detail/CVE-2021-22931
[ 8 ] CVE-2021-22939
https://nvd.nist.gov/vuln/detail/CVE-2021-22939
[ 9 ] CVE-2021-22940
https://nvd.nist.gov/vuln/detail/CVE-2021-22940
[ 10 ] CVE-2021-22959
https://nvd.nist.gov/vuln/detail/CVE-2021-22959
[ 11 ] CVE-2021-22960
https://nvd.nist.gov/vuln/detail/CVE-2021-22960
[ 12 ] CVE-2021-37701
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
[ 13 ] CVE-2021-37712
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
[ 14 ] CVE-2021-39134
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
[ 15 ] CVE-2021-39135
https://nvd.nist.gov/vuln/detail/CVE-2021-39135
[ 16 ] CVE-2021-44531
https://nvd.nist.gov/vuln/detail/CVE-2021-44531
[ 17 ] CVE-2021-44532
https://nvd.nist.gov/vuln/detail/CVE-2021-44532
[ 18 ] CVE-2021-44533
https://nvd.nist.gov/vuln/detail/CVE-2021-44533
[ 19 ] CVE-2022-0778
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
[ 20 ] CVE-2022-3602
https://nvd.nist.gov/vuln/detail/CVE-2022-3602
[ 21 ] CVE-2022-3786
https://nvd.nist.gov/vuln/detail/CVE-2022-3786
[ 22 ] CVE-2022-21824
https://nvd.nist.gov/vuln/detail/CVE-2022-21824
[ 23 ] CVE-2022-32212
https://nvd.nist.gov/vuln/detail/CVE-2022-32212
[ 24 ] CVE-2022-32213
https://nvd.nist.gov/vuln/detail/CVE-2022-32213
[ 25 ] CVE-2022-32214
https://nvd.nist.gov/vuln/detail/CVE-2022-32214
[ 26 ] CVE-2022-32215
https://nvd.nist.gov/vuln/detail/CVE-2022-32215
[ 27 ] CVE-2022-32222
https://nvd.nist.gov/vuln/detail/CVE-2022-32222
[ 28 ] CVE-2022-35255
https://nvd.nist.gov/vuln/detail/CVE-2022-35255
[ 29 ] CVE-2022-35256
https://nvd.nist.gov/vuln/detail/CVE-2022-35256
[ 30 ] CVE-2022-35948
https://nvd.nist.gov/vuln/detail/CVE-2022-35948
[ 31 ] CVE-2022-35949
https://nvd.nist.gov/vuln/detail/CVE-2022-35949
[ 32 ] CVE-2022-43548
https://nvd.nist.gov/vuln/detail/CVE-2022-43548
[ 33 ] CVE-2023-30581
https://nvd.nist.gov/vuln/detail/CVE-2023-30581
[ 34 ] CVE-2023-30582
https://nvd.nist.gov/vuln/detail/CVE-2023-30582
[ 35 ] CVE-2023-30583
https://nvd.nist.gov/vuln/detail/CVE-2023-30583
[ 36 ] CVE-2023-30584
https://nvd.nist.gov/vuln/detail/CVE-2023-30584
[ 37 ] CVE-2023-30586
https://nvd.nist.gov/vuln/detail/CVE-2023-30586
[ 38 ] CVE-2023-30587
https://nvd.nist.gov/vuln/detail/CVE-2023-30587
[ 39 ] CVE-2023-30588
https://nvd.nist.gov/vuln/detail/CVE-2023-30588
[ 40 ] CVE-2023-30589
https://nvd.nist.gov/vuln/detail/CVE-2023-30589
[ 41 ] CVE-2023-30590
https://nvd.nist.gov/vuln/detail/CVE-2023-30590
[ 42 ] CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
[ 43 ] CVE-2023-32003
https://nvd.nist.gov/vuln/detail/CVE-2023-32003
[ 44 ] CVE-2023-32004
https://nvd.nist.gov/vuln/detail/CVE-2023-32004
[ 45 ] CVE-2023-32005
https://nvd.nist.gov/vuln/detail/CVE-2023-32005
[ 46 ] CVE-2023-32006
https://nvd.nist.gov/vuln/detail/CVE-2023-32006
[ 47 ] CVE-2023-32558
https://nvd.nist.gov/vuln/detail/CVE-2023-32558
[ 48 ] CVE-2023-32559
https://nvd.nist.gov/vuln/detail/CVE-2023-32559
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-29
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202207-0369 | CVE-2022-22464 | IBM Security Access Manager Appliance Cryptographic strength vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. Vendor exploits this vulnerability IBM X-Force ID: 225081 It is published as.Information may be obtained
| VAR-202207-0231 | CVE-2022-32481 | Dell EMC PowerProtect Security hole |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. Dell EMC PowerProtect is an application software of Dell (Dell). Provides companies with the ability to protect, manage and recover their most critical application data. Attackers can use this vulnerability to obtain root privileges
| VAR-202207-0328 | CVE-2022-22370 | IBM Security Verify Access Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. Vendor exploits this vulnerability IBM X-Force ID: 221194 It is published as.Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication
A cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code on the vulnerable website in the user's browser
| VAR-202207-0311 | CVE-2022-32058 | TP-LINK TL-WR741N and TP-LINK TL-WR742N Security hole |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet
| VAR-202207-0236 | CVE-2022-32449 | TOTOLINK EX300 Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet
| VAR-202207-0198 | CVE-2022-22104 | Buffer error vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto. APQ8096AU firmware, MSM8996AU firmware, QAM8295P Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202207-0252 | CVE-2022-33936 | Cloud Mobility for Dell EMC Storage Security hole |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. feature that supports transferring, storing and accessing snapshot copies of volumes between compatible on-premises Dell EMC storage devices and public cloud object storage
| VAR-202207-0205 | CVE-2021-35135 | in multiple Qualcomm products. NULL Pointer dereference vulnerability |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8017 firmware, APQ8037 firmware, APQ8053 For multiple Qualcomm products such as firmware, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
| VAR-202207-0255 | CVE-2022-32054 | Tenda AC10 Code injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter
| VAR-202206-1961 | CVE-2022-32208 | Red Hat Security Advisory 2022-6159-01 |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
6. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: RHACS 3.72 enhancement and security update
Advisory ID: RHSA-2022:6714-01
Product: RHACS
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6714
Issue date: 2022-09-26
CVE Names: CVE-2015-20107 CVE-2022-0391 CVE-2022-1292
CVE-2022-1586 CVE-2022-1785 CVE-2022-1897
CVE-2022-1927 CVE-2022-2068 CVE-2022-2097
CVE-2022-24675 CVE-2022-24921 CVE-2022-28327
CVE-2022-29154 CVE-2022-29526 CVE-2022-30631
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
=====================================================================
1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Release of RHACS 3.72 provides these changes:
New features
* Automatic removal of nonactive clusters from RHACS: RHACS provides the
ability to configure your system to automatically remove nonactive clusters
from RHACS so that you can monitor active clusters only.
* Support for unauthenticated email integration: RHACS now supports
unauthenticated SMTP for email integrations. This is insecure and not
recommended.
* Support for Quay robot accounts: RHACS now supports use of robot accounts
in quay.io integrations. You can create robot accounts in Quay that allow
you to share credentials for use in multiple repositories.
* Ability to view Dockerfile lines in images that introduced components
with Common Vulnerabilities and Exposures (CVEs): In the Images view, under
Image Findings, you can view individual lines in the Dockerfile that
introduced the components that have been identified as containing CVEs.
* Network graph improvements: RHACS 3.72 includes some improvements to the
Network Graph user interface.
Known issue
* RHACS shows the wrong severity when two severities exist for a single
vulnerability in a single distribution. This issue occurs because RHACS
scopes severities by namespace rather than component. There is no
workaround. It is anticipated that an upcoming release will include a fix
for this issue. (ROX-12527)
Bug fixes
* Before this update, the steps to configure OpenShift Container Platform
OAuth for more than one URI were missing. The documentation has been
revised to include instructions for configuring OAuth in OpenShift
Container Platform to use more than one URI. For more information, see
Creating additional routes for the OpenShift Container Platform OAuth
server. (ROX-11296)
* Before this update, the autogenerated image integration, such as a Docker
registry integration, for a cluster is not deleted when the cluster is
removed from Central. This issue is fixed. (ROX-9398)
* Before this update, the Image OS policy criteria did not support regular
expressions, or regex. However, the documentation indicated that regular
expressions were supported. This issue is fixed by adding support for
regular expressions for the Image OS policy criteria. (ROX-12301)
* Before this update, the syslog integration did not respect a configured
TCP proxy. This is now fixed.
* Before this update, the scanner-db pod failed to start when a resource
quota was set for the stackrox namespace, because the init-db container in
the pod did not have any resources assigned to it. The init-db container
for ScannerDB now specifies resource requests and limits that match the db
container. (ROX-12291)
Notable technical changes
* Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally
available (GA). RHACS 3.72 introduces support for analyzing images built
with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux
(RHEL) 9 RPMs for vulnerabilities.
* Policy for CVEs with fixable CVSS of 6 or greater disabled by default:
Beginning with this release, the Fixable CVSS >= 6 and Privileged policy is
no longer enabled by default for new RHACS installations. The configuration
of this policy is not changed when upgrading an existing system. A new
policy Privileged Containers with Important and Critical Fixable CVEs,
which gives an alert for containers running in privileged mode that have
important or critical fixable vulnerabilities, has been added.
Security Fix(es)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To take advantage of the new features, bug fixes, and enhancements in RHACS
3.72 you are advised to upgrade to RHACS 3.72.0.
4. Bugs fixed (https://bugzilla.redhat.com/):
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5. JIRA issues fixed (https://issues.jboss.org/):
ROX-12799 - Release RHACS 3.72.0
6. References:
https://access.redhat.com/security/cve/CVE-2015-20107
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-24921
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-29154
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/acs/3.72/release_notes/372-release-notes.html
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYzH0ItzjgjWX9erEAQg2Yg//fDLYNktH9vd06FrD5L77TeiYnD/Zx+f5
fk12roODKMOpcV6BmnOyPG0a6POCmhHn1Dn6bOT+7Awx0b9A9cXXDk6jytkpDhh7
O0OxzWZVVvSzNe1TL3WN9vwZqSpAYON8euLBEb16E8pmEv7vXKll3wMQIlctp6Nr
ey6DLL718z8ghXbtkkcGsBQqElM4jESvGm5xByMymfRFktvy9LSgTi+Zc7FY7gXL
AHitJZiSm57D/pwUHvNltLLkxQfVAGuJXaTHYFyeIi6Z2pdDySYAXcr60mVd6eSh
9/7qGwdsQARwmr174s0xMWRcns6UDvwIWifiXl6FUnTZFlia+lC3xIP1o2CXwoFP
Fr7LpF0L9h5BapjSRv1w6qkkJIyJhw5v9VmZQoQ3joZqRQi0I6qLOcp92eik63pM
i11ppoeDNwjpSST40Ema3j9PflzxXB7PKBUfKWwqNc2dnWDkiEhNaXOAZ7MqgdLo
MB3enlKV4deeWOb5OA1Vlv/lAAJM0h5AOgTIBddYs3CDsyoK9fKm1UF/BEhcWMyr
kV3AJ0/zzAK6ev4hQmP8Ug4SbdiHNdM3X1vgH54OVJ3Al3E1nAEyYmELNUITrvXV
jJI5thbVwK78vOX9yWcmpZm879BnHnUPzGbS0lF5FVJOSZ8E7LvOE7lCM/dg094z
0riGwT9O9Ys=
=hArw
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Bugs fixed (https://bugzilla.redhat.com/):
2041540 - RHACM 2.4 using deprecated APIs in managed clusters
2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
2079418 - cluster update status is stuck, also update is not even visible
2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message
2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2097464 - ACM Console Becomes Unusable After a Time
2100613 - RHACM 2.4.6 images
2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
2102495 - ManagedClusters in Pending import state after ACM hub migration
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici
2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5. Clusters and applications are all visible and
managed from a single console—with security policy built in. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
* RHACM 2.3.12 images (BZ# 2101411)
3. Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation
2101411 - RHACM 2.3.12 images
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
5. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
RHEL-8-CNV-4.12
=============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
3. Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
5. Summary:
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key
2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key
2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key
2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5. This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51
Service Pack 1 serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which
are documented in the Release Notes document linked to in the References.
Security Fix(es):
* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles
(CVE-2022-40304)
* expat: a use-after-free in the doContent function in xmlparse.c
(CVE-2022-40674)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in
inflate.c via a large gzip header extra field (CVE-2022-37434)
* curl: HSTS bypass via IDN (CVE-2022-42916)
* curl: HTTP proxy double-free (CVE-2022-42915)
* curl: POST following PUT confusion (CVE-2022-32221)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
(CVE-2022-31813)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* curl: control code in cookie denial of service (CVE-2022-35252)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in
inflate.c via a large gzip header extra field (CVE-2022-37434)
* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: various flaws (CVE-2022-32206 CVE-2022-32208)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large
or unlimited LimitXMLRequestBody (CVE-2022-22721)
* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds
(CVE-2022-23943)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles
5
| VAR-202207-0296 | CVE-2021-46825 | Broadcom of advanced secure gateway and proxysg In HTTP Request Smuggling Vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
| VAR-202207-0213 | CVE-2022-20768 | Cisco TelePresence Collaboration Endpoint Vulnerability regarding information leakage from log files in |
CVSS V2: 3.5 CVSS V3: 4.9 Severity: MEDIUM |
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. Both Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are products of Cisco (Cisco). Cisco RoomOS Software is a suite of automated management software for Cisco devices. This software is mainly used to upgrade and manage the motherboard firmware of Cisco equipment
| VAR-202207-0230 | CVE-2022-22681 | Synology Photo Station Authorization problem vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors
| VAR-202207-0287 | CVE-2022-21786 | Multiple MediaTek chip audio DSP type conversion vulnerabilities |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822. MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion units a year End products with built-in MediaTek chips are available worldwide.
There are type conversion vulnerabilities in the audio DSPs of several MediaTek chips, which can be exploited by attackers to escalate privileges without requiring user interaction
| VAR-202207-0347 | CVE-2022-21776 | Google of Android Race condition vulnerabilities in |
CVSS V2: 4.4 CVSS V3: 6.4 Severity: MEDIUM |
In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450. Google of Android There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion units a year End products with built-in MediaTek chips are available worldwide. The vulnerability originates from the improper handling of concurrent access when concurrent code needs to access shared resources in a mutually exclusive manner during the operation of a network system or product. An attacker could exploit this vulnerability to escalate local privileges without requiring user interaction
| VAR-202207-0224 | CVE-2022-20815 | plural Cisco Cross-site scripting vulnerability in the product |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
| VAR-202207-0225 | CVE-2022-20859 | plural Cisco Product vulnerabilities |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to. (DoS) It may be in a state. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
| VAR-202207-0215 | CVE-2022-20813 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Certificate validation vulnerabilities in |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice