#nodejs

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

An update for libksba is now available for Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete c...

An update for openvswitch2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

OpenShift API for Data Protection (OADP) 1.0.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1