what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

CVE-2022-25236

Status Candidate

Overview

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Related Files

Zoom XMPP Stanza Smuggling Remote Code Execution
Posted May 24, 2022
Authored by Ivan Fratric, Google Security Research

This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.

tags | exploit, arbitrary, code execution, protocol
systems | windows
advisories | CVE-2022-22787, CVE-2022-25236
SHA-256 | c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16
Red Hat Security Advisory 2022-4668-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-36221, CVE-2021-41190, CVE-2022-0778, CVE-2022-21698, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 57ea642d5a0a1510cce8ff99f716b47bf753e4780e02ad6c833852fa3e9a589b
Red Hat Security Advisory 2022-1739-01
Posted May 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1739-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the containers for the release.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-0235, CVE-2022-0536, CVE-2022-0778, CVE-2022-24771, CVE-2022-24772, CVE-2022-24773, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | cb21e1da18630601c7d6b7eb569a0a6065c74bb6f909471f40f1d94f5c502fc3
Red Hat Security Advisory 2022-1622-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1622-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-8647, CVE-2020-8649, CVE-2022-0435, CVE-2022-0711, CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-24407, CVE-2022-24769, CVE-2022-25173, CVE-2022-25174, CVE-2022-25175, CVE-2022-25176, CVE-2022-25177, CVE-2022-25178, CVE-2022-25179, CVE-2022-25180, CVE-2022-25181, CVE-2022-25182, CVE-2022-25183, CVE-2022-25184, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | c6bbb6c8c7f4807bed808b409a1979c9c7ff636de3be398e6d437bf3aaece474
Red Hat Security Advisory 2022-1309-01
Posted Apr 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1309-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 7463125dafb0ba97745d92ab18eecb53e936970a9015885d92d859de14a7b81e
Red Hat Security Advisory 2022-1263-01
Posted Apr 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-4028, CVE-2021-4083, CVE-2021-4155, CVE-2021-45417, CVE-2022-0330, CVE-2022-0778, CVE-2022-22942, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650a
Red Hat Security Advisory 2022-1070-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1070-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 090b931cf27fcbfcf83f4bab13fae45cbc572f0e2c3375ac6b18f27c5423522e
Red Hat Security Advisory 2022-1068-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1068-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | cff735b92079459101b3f627350f2527213cc970855eddb7e97285e7db03621d
Red Hat Security Advisory 2022-1069-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1069-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 4636becc23f191c55578ec936c83d29b397e92bb34cf4b5d485c24e5fde8cec1
Red Hat Security Advisory 2022-1053-01
Posted Mar 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1053-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | f4f802993ea3100d0df09c80d0cdf767c42c981fc188c3de7910f754386e1851
Red Hat Security Advisory 2022-1039-01
Posted Mar 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1039-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-25709, CVE-2020-25710, CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-45960, CVE-2021-46143, CVE-2022-1025, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-24407, CVE-2022-24730, CVE-2022-24731, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | a3aa6dabb32b90d59c78082f139db0780896fec7f29703a5c21de22ea3a9a54a
Red Hat Security Advisory 2022-1041-01
Posted Mar 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1041-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-45960, CVE-2021-46143, CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-1025, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-24407, CVE-2022-24730, CVE-2022-24731, CVE-2022-25235, CVE-2022-25236
SHA-256 | 6445fba90799b01b872171494589c69dffa5557ff9ffa53f46f79a6cee9831a2
Red Hat Security Advisory 2022-1012-01
Posted Mar 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1012-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 57f82e760b9ff26a89294331c00d89dc12766f4bb95dba6543918b518a6f31d8
Red Hat Security Advisory 2022-0951-01
Posted Mar 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0951-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 336212c2c1cb70fe9f9cf1cc5dea09e7417703255f38a4eecbdee96db3af464e
Red Hat Security Advisory 2022-0843-01
Posted Mar 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0843-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0566, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 91b426f8c1cb90853402f23c2cdfe36ee62902648c19f9212e72ae35ea4c6e81
Red Hat Security Advisory 2022-0845-01
Posted Mar 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0845-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0566, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 6f7449ee9aa149026be585b4ca891c22521d3999d98cdfa9f63ca632be9c7574
Red Hat Security Advisory 2022-0847-01
Posted Mar 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0847-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0566, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 7b6191839615d6bc0f12d270d42e5ec64d0f8c3fd8c3fd2e1dc39b8cec0853af
Red Hat Security Advisory 2022-0850-01
Posted Mar 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0850-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0566, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 1b96a1bc9f83c45d739f7ddb29c6782a077745a81ad1e808806c264b4902c914
Red Hat Security Advisory 2022-0853-01
Posted Mar 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0853-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0566, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | ab930cd0ca57a6f710760cb8bf8f9c5fc2675425b03472f734565c6e7538a774
Red Hat Security Advisory 2022-0818-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0818-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 133a2b246e13e082a64c2fd96bfbe208e752a9beb550c26101bc5af96c1b129c
Red Hat Security Advisory 2022-0815-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0815-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 13f734650c4d5497603d137f891837693bd76569d04bcf45f2a21b1ae09df970
Red Hat Security Advisory 2022-0816-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0816-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 49509fe0ecc4d99dbc2367e26ca5e94a0385634b79ab64e46658b0f8e1ab26a0
Red Hat Security Advisory 2022-0817-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0817-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | 33bf60ebb2e506860c315bbbab384e14b93a68a7da1136bfdb2b881a027ec41f
Red Hat Security Advisory 2022-0824-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486
SHA-256 | f68b5b2d825ea8ea88fe125146cc153021465e2fbb031ab5be601caba75131fb
Ubuntu Security Notice USN-5320-1
Posted Mar 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5320-1 - USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
SHA-256 | f73ffaf6eb03b92ee8fa616e8b96fe44c883861c77e20c470a4a5a8c89b228da
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close