Vulnerability-Lookup

WID-SEC-W-2024-1307

Vulnerability from csaf_certbund - Published: 2024-06-06 22:00 - Updated: 2025-02-05 23:00

Summary

Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2021-25220

In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2021-43618

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2021-46848

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-1271

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-2795

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-3094

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-36227

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-47024

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-47629

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-48303

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-48468

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-48554

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2022-48624

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-22745

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-2602

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-2603

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-29491

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-2975

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-3446

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-36054

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-3817

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-39975

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-4408

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-44487

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-45288

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-4641

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-4692

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-4693

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-47038

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-50387

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-50868

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-5517

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-5678

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-5679

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6004

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6129

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6237

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6516

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6597

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-6918

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-7008

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2023-7104

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-0450

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-0727

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-1048

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-1313

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-1394

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-22195

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-22365

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-24786

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-25062

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-26458

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-26461

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-28834

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-28835

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-2961

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-33599

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-33600

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-33601

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

CVE-2024-33602

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh Containers <2.5.2 Red Hat / OpenShift		Service Mesh Containers <2.5.2
Red Hat Enterprise Linux 9 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9`	9
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh Containers <2.4.8 Red Hat / OpenShift		Service Mesh Containers <2.4.8
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
Red Hat OpenShift Container Platform <4.14.38 Red Hat / OpenShift		Container Platform <4.14.38
Red Hat OpenShift Run Once Duration Override Operator 1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:run_once_duration_override_operator_1`	Run Once Duration Override Operator 1

References

13 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2024:3680	external
https://access.redhat.com/errata/RHSA-2024:3683	external
https://access.redhat.com/errata/RHSA-2024:3790	external
https://access.redhat.com/errata/RHSA-2024:3314	external
https://access.redhat.com/errata/RHSA-2024:1616	external
https://access.redhat.com/errata/RHSA-2024:4553	external
https://access.redhat.com/errata/RHSA-2024:7184	external
https://access.redhat.com/errata/RHSA-2024:8688	external
https://access.redhat.com/errata/RHSA-2024:8692	external
https://access.redhat.com/errata/RHSA-2024:9088	external
https://access.redhat.com/errata/RHSA-2025:0832	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen \u0027Denial of Service\u0027-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1307 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1307.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1307 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1307"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3680 vom 2024-06-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:3680"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3683 vom 2024-06-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:3683"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:3790"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13",
        "url": "https://access.redhat.com/errata/RHSA-2024:3314"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:1616"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4553 vom 2024-07-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:4553"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03",
        "url": "https://access.redhat.com/errata/RHSA-2024:7184"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:8688"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2024:8692"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9088 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9088"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0832 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0832"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-02-05T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-06T09:06:07.488+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-1307",
      "initial_release_date": "2024-06-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-13T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Korrektur Plattformauswahl"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-05T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Red Hat Enterprise Linux 9",
                  "product_id": "T038901",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Service Mesh Containers \u003c2.5.2",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh Containers \u003c2.5.2",
                  "product_id": "T035259"
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh Containers 2.5.2",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh Containers 2.5.2",
                  "product_id": "T035259-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Mesh Containers \u003c2.4.8",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh Containers \u003c2.4.8",
                  "product_id": "T035260"
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh Containers 2.4.8",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh Containers 2.4.8",
                  "product_id": "T035260-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.4.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Run Once Duration Override Operator 1",
                "product": {
                  "name": "Red Hat OpenShift Run Once Duration Override Operator 1",
                  "product_id": "T035698",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:run_once_duration_override_operator_1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.14.38",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.14.38",
                  "product_id": "T037940"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.14.38",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.14.38",
                  "product_id": "T037940-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.38"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.72",
                  "product_id": "T040822"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.72",
                  "product_id": "T040822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.72"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-25220",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2021-25220"
    },
    {
      "cve": "CVE-2021-43618",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2021-43618"
    },
    {
      "cve": "CVE-2021-46848",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2021-46848"
    },
    {
      "cve": "CVE-2022-1271",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-1271"
    },
    {
      "cve": "CVE-2022-2795",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-2795"
    },
    {
      "cve": "CVE-2022-3094",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-3094"
    },
    {
      "cve": "CVE-2022-36227",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-47024",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-47024"
    },
    {
      "cve": "CVE-2022-47629",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-47629"
    },
    {
      "cve": "CVE-2022-48303",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-48303"
    },
    {
      "cve": "CVE-2022-48468",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-48468"
    },
    {
      "cve": "CVE-2022-48554",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-48554"
    },
    {
      "cve": "CVE-2022-48624",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2022-48624"
    },
    {
      "cve": "CVE-2023-22745",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-22745"
    },
    {
      "cve": "CVE-2023-2602",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-2602"
    },
    {
      "cve": "CVE-2023-2603",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-2603"
    },
    {
      "cve": "CVE-2023-29491",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-29491"
    },
    {
      "cve": "CVE-2023-2975",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-2975"
    },
    {
      "cve": "CVE-2023-3446",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-36054",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-36054"
    },
    {
      "cve": "CVE-2023-3817",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-3817"
    },
    {
      "cve": "CVE-2023-39975",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-39975"
    },
    {
      "cve": "CVE-2023-4408",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-4408"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45288",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-45288"
    },
    {
      "cve": "CVE-2023-4641",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-4641"
    },
    {
      "cve": "CVE-2023-4692",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-4692"
    },
    {
      "cve": "CVE-2023-4693",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-4693"
    },
    {
      "cve": "CVE-2023-47038",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-47038"
    },
    {
      "cve": "CVE-2023-50387",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-50387"
    },
    {
      "cve": "CVE-2023-50868",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-50868"
    },
    {
      "cve": "CVE-2023-5517",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-5517"
    },
    {
      "cve": "CVE-2023-5678",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5679",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-5679"
    },
    {
      "cve": "CVE-2023-6004",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6004"
    },
    {
      "cve": "CVE-2023-6129",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-6237",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6237"
    },
    {
      "cve": "CVE-2023-6516",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6516"
    },
    {
      "cve": "CVE-2023-6597",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2023-6918",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-6918"
    },
    {
      "cve": "CVE-2023-7008",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-7008"
    },
    {
      "cve": "CVE-2023-7104",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2024-0450",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-0727",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-1048",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-1048"
    },
    {
      "cve": "CVE-2024-1313",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-1313"
    },
    {
      "cve": "CVE-2024-1394",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-1394"
    },
    {
      "cve": "CVE-2024-22195",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-22365",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-22365"
    },
    {
      "cve": "CVE-2024-24786",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-24786"
    },
    {
      "cve": "CVE-2024-25062",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26458",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-26458"
    },
    {
      "cve": "CVE-2024-26461",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-26461"
    },
    {
      "cve": "CVE-2024-28834",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-28834"
    },
    {
      "cve": "CVE-2024-28835",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-28835"
    },
    {
      "cve": "CVE-2024-2961",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-33599",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33600",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-33600"
    },
    {
      "cve": "CVE-2024-33601",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-33601"
    },
    {
      "cve": "CVE-2024-33602",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035259",
          "T038901",
          "67646",
          "T035260",
          "T040822",
          "T037940",
          "T035698"
        ]
      },
      "release_date": "2024-06-06T22:00:00.000+00:00",
      "title": "CVE-2024-33602"
    }
  ]
}

CVE-2021-25220 (GCVE-0-2021-25220)

Vulnerability from cvelistv5 – Published: 2022-03-23 12:50 – Updated: 2024-09-16 17:08

Title

DNS forwarders - cache poisoning vulnerability

Summary

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.

Assigner

isc

References

10 references

URL	Tags
https://kb.isc.org/v1/docs/cve-2021-25220
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022040…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…
https://security.gentoo.org/glsa/202210-25	vendor-advisory
https://supportportal.juniper.net/s/article/2022-…

Impacted products

1 product

Vendor	Product	Version
ISC	BIND	Affected: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Affected: Development Branch 9.17 BIND 9.17 all version Affected: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Affected: Open Source Branch 9.18 9.18.0 Affected: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Affected: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S

Date Public

2022-03-16 00:00

Credits

ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
          },
          {
            "name": "FEDORA-2022-14e36aac0c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
          },
          {
            "name": "FEDORA-2022-042d9c6146",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          },
          {
            "name": "FEDORA-2022-a88218de5c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
          },
          {
            "name": "FEDORA-2022-05918f0838",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
          },
          {
            "name": "FEDORA-2022-3f293290c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.11  9.11.0 through versions before 9.11.37"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.17  BIND 9.17 all version"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.12-16  9.12.0 through versions before 9.16.27"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S  9.16.0-S through versions before 9.16.27-S"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are:     Resolvers using per zone or global forwarding with forward first (forward first is the default).     Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only.     Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND     9.11.0 -\u003e 9.11.36     9.12.0 -\u003e 9.16.26     9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions:     9.11.4-S1 -\u003e 9.11.36-S1     9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-23T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
        },
        {
          "name": "FEDORA-2022-14e36aac0c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
        },
        {
          "name": "FEDORA-2022-042d9c6146",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        },
        {
          "name": "FEDORA-2022-a88218de5c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
        },
        {
          "name": "FEDORA-2022-05918f0838",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
        },
        {
          "name": "FEDORA-2022-3f293290c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        },
        {
          "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n    BIND 9.11.37\n    BIND 9.16.27\n    BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n    BIND 9.11.37-S1\n    BIND 9.16.27-S1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DNS forwarders - cache poisoning vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25220",
    "datePublished": "2022-03-23T12:50:10.367Z",
    "dateReserved": "2021-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:08:54.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43618 (GCVE-0-2021-43618)

Vulnerability from cvelistv5 – Published: 2021-11-15 00:00 – Updated: 2024-08-04 04:03

Summary

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
https://gmplib.org/list-archives/gmp-bugs/2021-Se…
https://bugs.debian.org/994405
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
http://www.openwall.com/lists/oss-security/2022/10/13/3	mailing-list
http://seclists.org/fulldisclosure/2022/Oct/8	mailing-list
https://security.netapp.com/advisory/ntap-2022111…
https://security.gentoo.org/glsa/202309-13	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/994405"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e"
          },
          {
            "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html"
          },
          {
            "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3"
          },
          {
            "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221111-0001/"
          },
          {
            "name": "GLSA-202309-13",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-29T14:06:22.071Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html"
        },
        {
          "url": "https://bugs.debian.org/994405"
        },
        {
          "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e"
        },
        {
          "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html"
        },
        {
          "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3"
        },
        {
          "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/8"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221111-0001/"
        },
        {
          "name": "GLSA-202309-13",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202309-13"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43618",
    "datePublished": "2021-11-15T00:00:00.000Z",
    "dateReserved": "2021-11-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:03:08.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46848 (GCVE-0-2021-46848)

Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-07 14:32

Summary

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

Assigner

mitre

References

9 references

URL	Tags
https://gitlab.com/gnutls/libtasn1/-/commit/44a70…
https://gitlab.com/gnutls/libtasn1/-/issues/32
https://bugs.gentoo.org/866237
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022111…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/866237"
          },
          {
            "name": "FEDORA-2022-061f857481",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
          },
          {
            "name": "FEDORA-2022-3c933ffaca",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
          },
          {
            "name": "FEDORA-2022-19056934a7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
          },
          {
            "name": "FEDORA-2022-3f9ee1ad91",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
          },
          {
            "name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-46848",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T14:30:56.235688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-193",
                "description": "CWE-193 Off-by-one Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T14:32:10.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-09T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
        },
        {
          "url": "https://bugs.gentoo.org/866237"
        },
        {
          "name": "FEDORA-2022-061f857481",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
        },
        {
          "name": "FEDORA-2022-3c933ffaca",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
        },
        {
          "name": "FEDORA-2022-19056934a7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
        },
        {
          "name": "FEDORA-2022-3f9ee1ad91",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
        },
        {
          "name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46848",
    "datePublished": "2022-10-24T00:00:00.000Z",
    "dateReserved": "2022-10-24T00:00:00.000Z",
    "dateUpdated": "2025-05-07T14:32:10.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1271 (GCVE-0-2022-1271)

Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2025-06-09 14:56

Summary

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-179 - - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework

Assigner

redhat

References

9 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2073310	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2022/…	x_refsource_MISC
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html	x_refsource_MISC
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch	x_refsource_MISC
https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=…	x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-1271	x_refsource_MISC
https://security.gentoo.org/glsa/202209-01	vendor-advisoryx_refsource_GENTOO
https://security.netapp.com/advisory/ntap-2022093…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	gzip, xz-utils	Affected: Fixed in gzip 1.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1271"
          },
          {
            "name": "GLSA-202209-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220930-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-1271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T14:55:46.489089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T14:56:35.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gzip, xz-utils",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in gzip 1.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-179",
              "description": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-30T15:06:11.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-1271"
        },
        {
          "name": "GLSA-202209-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220930-0006/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "gzip, xz-utils",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in gzip 1.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/04/07/8",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8"
            },
            {
              "name": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html"
            },
            {
              "name": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch",
              "refsource": "MISC",
              "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch"
            },
            {
              "name": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6",
              "refsource": "MISC",
              "url": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2022-1271",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2022-1271",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/CVE-2022-1271"
            },
            {
              "name": "GLSA-202209-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-01"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220930-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220930-0006/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1271",
    "datePublished": "2022-08-31T15:33:00.000Z",
    "dateReserved": "2022-04-07T00:00:00.000Z",
    "dateUpdated": "2025-06-09T14:56:35.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2795 (GCVE-0-2022-2795)

Vulnerability from cvelistv5 – Published: 2022-09-21 10:15 – Updated: 2024-11-29 12:04

Title

Processing large delegations may severely degrade resolver performance

Summary

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

In BIND 9.0.0 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.9.3-S1 -> 9.11.37-S1, 9.16.8-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a flaw in resolver code can cause named to spend excessive amounts of time on processing large delegations.

Assigner

isc

References

8 references

URL	Tags
https://kb.isc.org/docs/cve-2022-2795
http://www.openwall.com/lists/oss-security/2022/09/21/3	mailing-list
https://www.debian.org/security/2022/dsa-5235	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.gentoo.org/glsa/202210-25	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
ISC	BIND9	Affected: Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33 Affected: Open Source Branch 9.18 9.18.0 through versions before 9.18.7 Affected: Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1 Affected: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 Affected: Development Branch 9.19 9.19.0 through versions before 9.19.5

Date Public

2022-09-21 00:00

Credits

ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:isc:bind:9.0.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bind",
            "vendor": "isc",
            "versions": [
              {
                "lessThanOrEqual": "9.16.32",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bind",
            "vendor": "isc",
            "versions": [
              {
                "lessThan": "9.11.37",
                "status": "affected",
                "version": "9.9.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bind",
            "vendor": "isc",
            "versions": [
              {
                "lessThan": "9.16.32",
                "status": "affected",
                "version": "9.16.8",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bind",
            "vendor": "isc",
            "versions": [
              {
                "lessThan": "9.19.4",
                "status": "affected",
                "version": "9.19.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T17:20:53.564264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:41:53.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T12:04:33.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-2795"
          },
          {
            "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
          },
          {
            "name": "DSA-5235",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5235"
          },
          {
            "name": "FEDORA-2022-ef038365de",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
          },
          {
            "name": "FEDORA-2022-8268735e06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
          },
          {
            "name": "FEDORA-2022-b197d64471",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
          },
          {
            "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241129-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.19 9.19.0 through versions before 9.19.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr \u0026 Shani Stajnrod from Reichman University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2022-09-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\u0027s performance, effectively denying legitimate clients access to the DNS resolution service."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "In BIND 9.0.0 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.9.3-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, a flaw in resolver code can cause named to spend excessive amounts of time on processing large delegations.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2022-2795"
        },
        {
          "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
        },
        {
          "name": "DSA-5235",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5235"
        },
        {
          "name": "FEDORA-2022-ef038365de",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
        },
        {
          "name": "FEDORA-2022-8268735e06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
        },
        {
          "name": "FEDORA-2022-b197d64471",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
        },
        {
          "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Processing large delegations may severely degrade resolver performance",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-2795",
    "datePublished": "2022-09-21T10:15:25.796Z",
    "dateReserved": "2022-08-12T00:00:00.000Z",
    "dateUpdated": "2024-11-29T12:04:33.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3094 (GCVE-0-2022-3094)

Vulnerability from cvelistv5 – Published: 2023-01-25 21:34 – Updated: 2025-04-01 13:48

Title

An UPDATE message flood may cause named to exhaust all available memory

Summary

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

isc

References

1 reference

URL	Tags
https://kb.isc.org/docs/cve-2022-3094	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.16.0 , ≤ 9.16.36 (custom) Affected: 9.18.0 , ≤ 9.18.10 (custom) Affected: 9.19.0 , ≤ 9.19.8 (custom) Affected: 9.16.8-S1 , ≤ 9.16.36-S1 (custom)

Date Public

2023-01-25 00:00

Credits

ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CVE-2022-3094",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-3094"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T13:48:11.170392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T13:48:37.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.36",
              "status": "affected",
              "version": "9.16.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.10",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.19.8",
              "status": "affected",
              "version": "9.19.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.36-S1",
              "status": "affected",
              "version": "9.16.8-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2023-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don\u0027t intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "By flooding the target server with UPDATE requests, the attacker can exhaust all available memory on that server."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-26T06:03:10.975Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2022-3094",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2022-3094"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An UPDATE message flood may cause named to exhaust all available memory",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-3094",
    "datePublished": "2023-01-25T21:34:52.983Z",
    "dateReserved": "2022-09-02T10:25:47.183Z",
    "dateUpdated": "2025-04-01T13:48:37.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36227 (GCVE-0-2022-36227)

Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-11-03 21:46

Summary

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Severity

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
https://github.com/libarchive/libarchive/issues/1754
https://bugs.gentoo.org/882521
https://github.com/libarchive/libarchive/blob/v3.…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202309-14	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:29.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libarchive/libarchive/issues/1754"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/882521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215"
          },
          {
            "name": "FEDORA-2022-e15be0091f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/"
          },
          {
            "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html"
          },
          {
            "name": "GLSA-202309-14",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-14"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-29T16:06:28.926Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libarchive/libarchive/issues/1754"
        },
        {
          "url": "https://bugs.gentoo.org/882521"
        },
        {
          "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215"
        },
        {
          "name": "FEDORA-2022-e15be0091f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/"
        },
        {
          "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html"
        },
        {
          "name": "GLSA-202309-14",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202309-14"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36227",
    "datePublished": "2022-11-22T00:00:00.000Z",
    "dateReserved": "2022-07-18T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:46:29.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-47024 (GCVE-0-2022-47024)

Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-03 15:48

Summary

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

4 references

URL	Tags
https://github.com/vim/vim/commit/a63ad78ed31e36d…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202305-16	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:47:28.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19"
          },
          {
            "name": "FEDORA-2023-2db4df65c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
          },
          {
            "name": "FEDORA-2023-93fb5b08eb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
          },
          {
            "name": "GLSA-202305-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-16"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-47024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T15:48:06.644613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T15:48:40.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19"
        },
        {
          "name": "FEDORA-2023-2db4df65c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
        },
        {
          "name": "FEDORA-2023-93fb5b08eb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
        },
        {
          "name": "GLSA-202305-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-47024",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2022-12-12T00:00:00.000Z",
    "dateUpdated": "2025-04-03T15:48:40.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-47629 (GCVE-0-2022-47629)

Vulnerability from cvelistv5 – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:35

Summary

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

6 references

URL	Tags
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksb…
https://dev.gnupg.org/T6284
https://www.debian.org/security/2022/dsa-5305	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.gentoo.org/glsa/202212-07	vendor-advisory
https://security.netapp.com/advisory/ntap-2023031…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:02:35.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://dev.gnupg.org/T6284"
          },
          {
            "name": "DSA-5305",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5305"
          },
          {
            "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html"
          },
          {
            "name": "GLSA-202212-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0011/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-47629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:50:56.937630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:35:45.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-16T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070"
        },
        {
          "url": "https://dev.gnupg.org/T6284"
        },
        {
          "name": "DSA-5305",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5305"
        },
        {
          "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html"
        },
        {
          "name": "GLSA-202212-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-07"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0011/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-47629",
    "datePublished": "2022-12-20T00:00:00.000Z",
    "dateReserved": "2022-12-20T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:35:45.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48303 (GCVE-0-2022-48303)

Vulnerability from cvelistv5 – Published: 2023-01-30 00:00 – Updated: 2025-03-27 20:35

Summary

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

4 references

URL	Tags
https://savannah.gnu.org/bugs/?62387
https://savannah.gnu.org/patch/?10307
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:59.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://savannah.gnu.org/bugs/?62387"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://savannah.gnu.org/patch/?10307"
          },
          {
            "name": "FEDORA-2023-123778d70d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/"
          },
          {
            "name": "FEDORA-2023-f72d3caf36",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48303",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T20:34:11.069640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T20:35:03.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-26T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://savannah.gnu.org/bugs/?62387"
        },
        {
          "url": "https://savannah.gnu.org/patch/?10307"
        },
        {
          "name": "FEDORA-2023-123778d70d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/"
        },
        {
          "name": "FEDORA-2023-f72d3caf36",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48303",
    "datePublished": "2023-01-30T00:00:00.000Z",
    "dateReserved": "2023-01-30T00:00:00.000Z",
    "dateUpdated": "2025-03-27T20:35:03.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-1307

CVE-2021-25220 (GCVE-0-2021-25220)

CVE-2021-43618 (GCVE-0-2021-43618)

CVE-2021-46848 (GCVE-0-2021-46848)

CVE-2022-1271 (GCVE-0-2022-1271)

CVE-2022-2795 (GCVE-0-2022-2795)

CVE-2022-3094 (GCVE-0-2022-3094)

CVE-2022-36227 (GCVE-0-2022-36227)

CVE-2022-47024 (GCVE-0-2022-47024)

CVE-2022-47629 (GCVE-0-2022-47629)

CVE-2022-48303 (GCVE-0-2022-48303)

Tags

Sightings

Nomenclature