Headline
RHSA-2022:7692: Red Hat Security Advisory: xmlrpc-c security update
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-46143: expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22822: expat: Integer overflow in addBinding in xmlparse.c
- CVE-2022-22823: expat: Integer overflow in build_model in xmlparse.c
- CVE-2022-22824: expat: Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22825: expat: Integer overflow in lookup in xmlparse.c
- CVE-2022-22826: expat: Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22827: expat: Integer overflow in storeAtts in xmlparse.c
Synopsis
Moderate: xmlrpc-c security update
Type/Severity
Security Advisory: Moderate
Description
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
- expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
- expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
- expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
- expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
- expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
- expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
- expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- BZ - 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c
- BZ - 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c
- BZ - 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c
- BZ - 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c
- BZ - 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c
- BZ - 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c
CVEs
- CVE-2021-46143
- CVE-2022-22822
- CVE-2022-22823
- CVE-2022-22824
- CVE-2022-22825
- CVE-2022-22826
- CVE-2022-22827
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
- xmlrpc-c-1.51.0-8.el8.src.rpm
x86_64
- xmlrpc-c-1.51.0-8.el8.i686.rpm
- xmlrpc-c-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
- xmlrpc-c-1.51.0-8.el8.src.rpm
s390x
- xmlrpc-c-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
- xmlrpc-c-1.51.0-8.el8.src.rpm
ppc64le
- xmlrpc-c-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
- xmlrpc-c-1.51.0-8.el8.src.rpm
aarch64
- xmlrpc-c-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 8
x86_64
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-c++-1.51.0-8.el8.i686.rpm
- xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client++-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm
- xmlrpc-c-devel-1.51.0-8.el8.i686.rpm
- xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 8
ppc64le
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm
- xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 8
aarch64
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm
- xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 8
s390x
- xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm
- xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm
Related news
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Red Hat Security Advisory 2022-7692-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-41524: httpd: NULL pointer dereference via crafted request during HTTP/2 request processing * CVE-202...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-41524: httpd: NULL pointer dereference via crafted request during HTTP/2 request processing * CVE-202...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-41524: httpd: NULL pointer dereference via crafted request during HTTP/2 request processing * CVE-202...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-41524: httpd: NULL pointer dereference via crafted request during HTTP/2 request processing * CVE-202...
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel.
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.
Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.