cvelistv5 - cve-2022-2962

CVE-2022-2962 (GCVE-0-2022-2962)

Vulnerability from cvelistv5

Published

2022-09-13 19:18

Modified

2025-04-23 17:11

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400

Summary

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

References

URL

Tags

	https://gitlab.com/qemu-project/qemu/-/issues/1171	x_refsource_MISC
	https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	QEMU	Version: Will be fixed in QEMU 7.2.0-rc0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:53:00.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-2962",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:35.015013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:11:03.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Will be fixed in QEMU 7.2.0-rc0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn\u0027t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T19:18:14.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-2962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QEMU",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Will be fixed in QEMU 7.2.0-rc0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn\u0027t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/qemu-project/qemu/-/issues/1171",
              "refsource": "MISC",
              "url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
            },
            {
              "name": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182",
              "refsource": "MISC",
              "url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2962",
    "datePublished": "2022-09-13T19:18:14.000Z",
    "dateReserved": "2022-08-23T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:11:03.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2023-AVI-0318

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	Isolation Segment versions 2.12.x antérieures à 2.12.19
VMware	Tanzu	VMware Tanzu Application Service for VMs versions 2.12.x antérieures à 2.12.24
VMware	N/A	Canonical Ubuntu 18.04
VMware	Tanzu	VMware Tanzu Application Service for VMs versions 2.13.x antérieures à 2.13.17
VMware	N/A	Platform Automation Toolkit versions 4.0.x antérieures à to 4.0.13
VMware	Tanzu	VMware Tanzu Application Service for VMs versions 2.11.x antérieures à 2.11.35
VMware	N/A	Platform Automation Toolkit versions 4.3.x versions antérieures à 4.3.5
VMware	N/A	Platform Automation Toolkit versions 5.1.x versions antérieures à 5.1.0
VMware	N/A	Operations Manager versions 3.0.x antérieures à 3.0.4
VMware	N/A	Operations Manager versions 2.10.x antérieures à 2.10.51
VMware	N/A	Isolation Segment versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions antérieures à 1.80)
VMware	N/A	Isolation Segment versions 2.11.x antérieures à 2.11.29
VMware	N/A	Platform Automation Toolkit versions 4.2.x antérieures à 4.2.8
VMware	N/A	Canonical Ubuntu 16.04
VMware	N/A	Platform Automation Toolkit versions 4.4.x versions antérieures à 4.4.30
VMware	N/A	Canonical Ubuntu 22.04
VMware	Tanzu	VMware Tanzu Application Service for VMs versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions 1.80)
VMware	N/A	Platform Automation Toolkit versions 5.0.x versions antérieures à 5.0.23
VMware	N/A	Isolation Segment versions 2.13.x antérieures à 2.13.14
VMware	Tanzu	Tanzu Greenplum for Kubernetes versions antérieures à 1.4.0
VMware	N/A	Platform Automation Toolkit versions 4.1.x antérieures à 4.1.13

References

Title

Publication Time

Tags

Bulletin de sécurité VMware USN-5795-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5795-2 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5787-2 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5765-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5821-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5801-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5811-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5787-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5806-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5807-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5787-1 du 12 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5806-2 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5772-1 du 13 avril 2023	None	vendor-advisory
Bulletin de sécurité VMware USN-5767-1 du 13 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.24",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Canonical Ubuntu 18.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.17",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 to 4.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.35",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.3.x versions ant\u00e9rieures \u00e0 4.3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 5.1.x versions ant\u00e9rieures \u00e0 5.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 2.10.x ant\u00e9rieures \u00e0 2.10.51",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions ant\u00e9rieures \u00e0 1.80)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.29",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Canonical Ubuntu 16.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.4.x versions ant\u00e9rieures \u00e0 4.4.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Canonical Ubuntu 22.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions 1.80)",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
    },
    {
      "name": "CVE-2022-47629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2022-44792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-4883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4883"
    },
    {
      "name": "CVE-2022-44793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
    },
    {
      "name": "CVE-2022-3165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3165"
    },
    {
      "name": "CVE-2022-0417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2022-37454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
    },
    {
      "name": "CVE-2022-44617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44617"
    },
    {
      "name": "CVE-2021-3682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3682"
    },
    {
      "name": "CVE-2021-23222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
    },
    {
      "name": "CVE-2022-2962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2962"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2022-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
    },
    {
      "name": "CVE-2022-33070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33070"
    },
    {
      "name": "CVE-2022-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0216"
    },
    {
      "name": "CVE-2022-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2022-46285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46285"
    },
    {
      "name": "CVE-2021-3930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3930"
    },
    {
      "name": "CVE-2021-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2021-3750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3750"
    }
  ],
  "initial_release_date": "2023-04-17T00:00:00",
  "last_revision_date": "2023-04-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0318",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5787-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-2 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5787-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-2 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5772-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5765-1 du 13 avril 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5821-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5821-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5801-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5795-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5811-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5811-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5767-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5801-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5807-1 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5807-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 12 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5765-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-2 du 13 avril 2023",
      "url": "https://tanzu.vmware.com/security/usn-5806-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5772-1 du 13 avril 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5767-1 du 13 avril 2023",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-2962 (GCVE-0-2022-2962)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0318

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature