# About the security content of Safari 15.6
This document describes the security content of Safari 15.6.
## About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.
Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.
For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.
## Safari 15.6
Released July 20, 2022
**Safari Extensions**
Available for: macOS Big Sur and macOS Catalina
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University
**WebKit**
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
WebKit Bugzilla: 241526
CVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)
Entry added March 16, 2023
**WebKit**
Available for: macOS Big Sur and macOS Catalina
Impact: A user may be tracked through their IP address
Description: A logic issue was addressed with improved state management.
CVE-2022-32861: Matthias Keller (m-keller.com)
Entry added September 16, 2022
**WebKit**
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)
Entry added September 16, 2022, updated March 16, 2023
**WebKit**
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
**WebRTC**
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.
Published Date: March 16, 2023
{"id": "APPLE:37AFBB95AFD80D918469C22F0A05655D", "vendorId": null, "type": "apple", "bulletinFamily": "software", "title": "About the security content of Safari 15.6", "description": "# About the security content of Safari 15.6\n\nThis document describes the security content of Safari 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 15.6\n\nReleased July 20, 2022\n\n**Safari Extensions**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526 \nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added September 16, 2022, updated March 16, 2023 \n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2023\n", "published": "2022-07-20T00:00:00", "modified": "2022-07-20T00:00:00", "epss": [{"cve": "CVE-2022-2294", "epss": 0.00426, "percentile": 0.70718, "modified": "2023-06-09"}, {"cve": "CVE-2022-32784", "epss": 0.00087, "percentile": 0.35624, "modified": "2023-06-03"}, {"cve": "CVE-2022-32792", "epss": 0.00088, "percentile": 0.36469, "modified": "2023-06-03"}, {"cve": "CVE-2022-32861", "epss": 0.00046, "percentile": 0.13993, "modified": "2023-06-03"}, {"cve": "CVE-2022-32863", "epss": 0.00085, "percentile": 0.34639, "modified": "2023-06-03"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://support.apple.com/kb/HT213341", "reporter": "Apple", "references": ["https://support.apple.com/en-us/HT201222"], "cvelist": ["CVE-2022-2294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32885"], "immutableFields": [], "lastseen": "2023-06-09T15:14:46", "viewCount": 222, "enchantments": {"affected_software": {"major_version": [{"name": "safari", "version": 15}]}, "affected_software_major_version": [{"name": "safari", "version": 15}], "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-2294", "ALPINE:CVE-2022-32792"]}, {"type": "apple", "idList": ["APPLE:36D1157BC66453E0491C66ACBF433EE9", "APPLE:525A1C81291F8006179082509655B7D2", "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "APPLE:DF68F7FFE1ED4E5157204A83619C4B89"]}, {"type": "archlinux", "idList": ["ASA-202207-1", "ASA-202207-2", "ASA-202207-3", "ASA-202207-4"]}, {"type": "attackerkb", "idList": ["AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61"]}, {"type": "avleonov", "idList": ["AVLEONOV:B87691B304EF70215B926F66B871260A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0566"]}, {"type": "chrome", "idList": ["GCSA-5089288012050676645", "GCSA-7720125337817983232"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-2294"]}, {"type": "cnvd", "idList": ["CNVD-2022-71996"]}, {"type": "cve", "idList": ["CVE-2022-2294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32885"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3073-1:E36D1", "DEBIAN:DSA-5180-1:E631C", "DEBIAN:DSA-5210-1:35DB1", "DEBIAN:DSA-5211-1:03E97", "DEBIAN:DSA-5396-1:6E347", "DEBIAN:DSA-5397-1:3771E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2294", "DEBIANCVE:CVE-2022-32792", "DEBIANCVE:CVE-2022-32885"]}, {"type": "fedora", "idList": ["FEDORA:0AA80217E4B2", "FEDORA:1AA1C30A3C1B", "FEDORA:2388E3047E08", "FEDORA:29E5830A072A", "FEDORA:59B6820C6D43", "FEDORA:5A5E120C65F1", "FEDORA:D921930742B0"]}, {"type": "freebsd", "idList": ["744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202208-35", "GLSA-202208-39", "GLSA-202305-32"]}, {"type": "hivepro", "idList": ["HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809"]}, {"type": "kaspersky", "idList": ["KLA12578", "KLA12579", "KLA12587"]}, {"type": "mageia", "idList": ["MGASA-2022-0287", "MGASA-2023-0177"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:6E72426C60EECBEF071E305072060892"]}, {"type": "mscve", "idList": ["MS:CVE-2022-2294"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-3073.NASL", "DEBIAN_DLA-3419.NASL", "DEBIAN_DSA-5180.NASL", "DEBIAN_DSA-5210.NASL", "DEBIAN_DSA-5211.NASL", "DEBIAN_DSA-5396.NASL", "DEBIAN_DSA-5397.NASL", "FEDORA_2023-5B61346BBE.NASL", "FEDORA_2023-8900B35C6F.NASL", "FEDORA_2023-A4BBF02A57.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-39.NASL", "GENTOO_GLSA-202305-32.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOS_HT213345.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "OPENSUSE-2022-10055-1.NASL", "OPENSUSE-2022-10057-1.NASL", "OPENSUSE-2022-10087-1.NASL", "OPENSUSE-2022-10088-1.NASL", "SUSE_SU-2022-2820-1.NASL", "SUSE_SU-2022-2821-1.NASL", "SUSE_SU-2022-2826-1.NASL", "SUSE_SU-2022-2915-1.NASL", "SUSE_SU-2023-2056-1.NASL", "SUSE_SU-2023-2065-1.NASL", "SUSE_SU-2023-2077-1.NASL", "SUSE_SU-2023-2078-1.NASL", "UBUNTU_USN-5568-1.NASL", "UBUNTU_USN-6061-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-3073-1", "OSV:DLA-3419-1", "OSV:DSA-5180-1", "OSV:DSA-5210-1", "OSV:DSA-5211-1", "OSV:DSA-5396-1", "OSV:DSA-5397-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "securelist", "idList": ["SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10087-1", "OPENSUSE-SU-2022:10088-1", "SUSE-SU-2022:2820-1", "SUSE-SU-2022:2826-1"]}, {"type": "thn", "idList": ["THN:0ADE883013E260B4548F6E16D65487D3", "THN:222F7713CA968509F8C385BA29B0B6A5", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:FFFF05ECDE44C9ED26B53D328B60689B"]}, {"type": "threatpost", "idList": ["THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC"]}, {"type": "trellix", "idList": ["TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642"]}, {"type": "ubuntu", "idList": ["USN-5568-1", "USN-6061-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2294", "UB:CVE-2022-32792", "UB:CVE-2022-32885"]}, {"type": "veracode", "idList": ["VERACODE:36373", "VERACODE:36540"]}, {"type": "zdi", "idList": ["ZDI-22-1123"]}]}, "score": {"value": 8.4, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-2294", "epss": 0.00426, "percentile": 0.70531, "modified": "2023-05-02"}, {"cve": "CVE-2022-32784", "epss": 0.00087, "percentile": 0.35522, "modified": "2023-05-02"}, {"cve": "CVE-2022-32792", "epss": 0.00088, "percentile": 0.36361, "modified": "2023-05-02"}, {"cve": "CVE-2022-32861", "epss": 0.00046, "percentile": 0.13987, "modified": "2023-05-02"}, {"cve": "CVE-2022-32863", "epss": 0.00085, "percentile": 0.34524, "modified": "2023-05-02"}], "vulnersScore": 8.4}, "_state": {"affected_software_major_version": 0, "dependencies": 1686333390, "score": 1686324072, "epss": 0}, "_internal": {"score_hash": "0c22beef873af24304beb1265b7675ef"}, "affectedSoftware": [{"version": "15.6", "operator": "lt", "name": "safari"}]}
{"mageia": [{"lastseen": "2023-06-09T15:25:20", "description": "The updated packages fix security vulnerabilities and other issues. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T10:04:13", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-20T10:04:13", "id": "MGASA-2022-0287", "href": "https://advisories.mageia.org/MGASA-2022-0287.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:27:49", "description": "HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. (CVE-2023-25358) maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932) Website may be able to track sensitive user information. Description: The issue was addressed by removing origin information. (CVE-2023-27954) maliciously crafted web content may lead to arbitrary code execution (CVE-2023-28205) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-21T08:42:44", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-21T08:42:44", "id": "MGASA-2023-0177", "href": "https://advisories.mageia.org/MGASA-2023-0177.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-06-09T15:17:38", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript \nengines. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-15T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-15T00:00:00", "id": "USN-5568-1", "href": "https://ubuntu.com/security/notices/USN-5568-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:27:51", "description": "## Releases\n\n * Ubuntu 23.04 \n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript \nengines. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-08T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-08T00:00:00", "id": "USN-6061-1", "href": "https://ubuntu.com/security/notices/USN-6061-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:33:41", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5568-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5568-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164124);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"USN\", value:\"5568-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5568-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:34:57", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2915-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2915-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2915-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164467", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2915-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164467);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2915-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2915-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2915-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/012003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?845c7167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:41", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5211 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-5211-1 : wpewebkit - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc", "p-cpe:/a:debian:debian_linux:wpewebkit-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5211.NASL", "href": "https://www.tenable.com/plugins/nessus/164168", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5211. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164168);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DSA-5211-1 : wpewebkit - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5211 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/wpewebkit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/wpewebkit\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the wpewebkit packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.6-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpewebkit-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-3', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-doc', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'wpewebkit-driver', 'reference': '2.36.6-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwpewebkit-1.0-3 / libwpewebkit-1.0-dev / libwpewebkit-1.0-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:59", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2826-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2826-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_1", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2826-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164221", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2826-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164221);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2826-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2826-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2826-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011925.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dca49e82\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'WebKit2GTK-4.0-lang-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-4.1-lang-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-5.0-lang-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.5-150400.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-32bit-2.36.5-150400.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.5-150400.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-32bit-2.36.5-150400.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-5_0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4.1-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-5.0-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-minibrowser-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-minibrowser-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-devel-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-minibrowser-2.36.5-150400.4.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:59", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2821-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2821-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2821-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164231", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2821-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164231);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2821-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2821-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2821-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011919.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6f661e8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:00", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2820-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2820-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2820-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164217", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2820-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164217);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2820-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2820-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2820-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011922.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dbea4431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.5-150200.41.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.5-150200.41.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit-jsc-4-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-minibrowser-2.36.5-150200.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:55", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5210 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-5210-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5210.NASL", "href": "https://www.tenable.com/plugins/nessus/164241", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5210. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164241);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DSA-5210-1 : webkit2gtk - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5210 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.6-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.6-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:49", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3073 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-18T00:00:00", "type": "nessus", "title": "Debian DLA-3073-1 : webkit2gtk - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3073.NASL", "href": "https://www.tenable.com/plugins/nessus/164260", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3073. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164260);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DLA-3073-1 : webkit2gtk - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3073 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor Debian 10 buster, these problems have been fixed in version 2.36.6-1~deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.6-1~deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:40", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "href": "https://www.tenable.com/plugins/nessus/162776", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162776);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2294\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected\nby a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-6-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c255ed38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.49' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:42", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162839", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162839);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n # https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f39f44de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.114'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:30", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163078", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10055-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201216\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dcbbe96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:06", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Debian DSA-5180-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5180.NASL", "href": "https://www.tenable.com/plugins/nessus/163024", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5180. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Debian DSA-5180-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.114-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:40", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162705", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:41", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162706", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:37", "description": "The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-39.NASL", "href": "https://www.tenable.com/plugins/nessus/164535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-39.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/31\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-22589\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22620\",\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\",\n \"CVE-2022-32784\",\n \"CVE-2022-32792\",\n \"CVE-2022-32893\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/02/25\");\n\n script_name(english:\"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a\n duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS\n 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content\n may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively\n exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=839984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=856445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866494\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.36.7\", \"lt 2.0.0\"),\n 'vulnerable' : make_list(\"lt 2.36.7\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:46:43", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3419 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-14T00:00:00", "type": "nessus", "title": "Debian DLA-3419-1 : webkit2gtk - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3419.NASL", "href": "https://www.tenable.com/plugins/nessus/175656", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3419. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175656);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"Debian DLA-3419-1 : webkit2gtk - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3419 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3,\n watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content\n may bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS\n 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able\n to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura\n 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-28205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor Debian 10 buster, these problems have been fixed in version 2.38.6-0+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.38.6-0+deb10u1'},\n {'release': '10.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.38.6-0+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:16:40", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163094", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163094);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2294\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d06180ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-88.0.4412.74-lp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:19", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5396 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-03T00:00:00", "type": "nessus", "title": "Debian DSA-5396-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5396.NASL", "href": "https://www.tenable.com/plugins/nessus/175077", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5396. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175077);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"Debian DSA-5396-1 : webkit2gtk - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5396 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-28205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.40.1-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.40.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.40.1-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:19", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8900b35c6f advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-05T00:00:00", "type": "nessus", "title": "Fedora 36 : webkit2gtk3 (2023-8900b35c6f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:webkit2gtk3"], "id": "FEDORA_2023-8900B35C6F.NASL", "href": "https://www.tenable.com/plugins/nessus/175137", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-8900b35c6f\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175137);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/05\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-25358\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n script_xref(name:\"FEDORA\", value:\"2023-8900b35c6f\");\n\n script_name(english:\"Fedora 36 : webkit2gtk3 (2023-8900b35c6f)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-8900b35c6f advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-8900b35c6f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkit2gtk3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.40.1-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:37", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6061-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-08T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : WebKitGTK vulnerabilities (USN-6061-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-5.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-5.0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-5.0-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-5.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-5.0-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-5.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-6061-1.NASL", "href": "https://www.tenable.com/plugins/nessus/175285", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6061-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175285);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2023-25358\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"USN\", value:\"6061-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : WebKitGTK vulnerabilities (USN-6061-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-6061-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6061-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-5.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-5.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-5.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-5.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10|23\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10 / 23.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.38.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.38.6-0ubuntu0.22.04.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-javascriptcoregtk-5.0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'gir1.2-webkit2-5.0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-5.0-0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libjavascriptcoregtk-5.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-5.0-0', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'libwebkit2gtk-5.0-dev', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '22.10', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.38.6-0ubuntu0.22.10.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-javascriptcoregtk-6.0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-webkit-6.0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-6.0-1', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libjavascriptcoregtk-6.0-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkitgtk-6.0-4', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'libwebkitgtk-6.0-dev', 'pkgver': '2.40.1-0ubuntu0.23.04.1'},\n {'osver': '23.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.40.1-0ubuntu0.23.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:54", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5397 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-03T00:00:00", "type": "nessus", "title": "Debian DSA-5397-1 : wpewebkit - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc", "p-cpe:/a:debian:debian_linux:wpewebkit-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5397.NASL", "href": "https://www.tenable.com/plugins/nessus/175078", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5397. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175078);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"Debian DSA-5397-1 : wpewebkit - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5397 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/wpewebkit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-28205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/wpewebkit\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the wpewebkit packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.38.6-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpewebkit-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-3', 'reference': '2.38.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-dev', 'reference': '2.38.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-doc', 'reference': '2.38.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'wpewebkit-driver', 'reference': '2.38.6-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwpewebkit-1.0-3 / libwpewebkit-1.0-dev / libwpewebkit-1.0-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:54", "description": "The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a4bbf02a57 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-30T00:00:00", "type": "nessus", "title": "Fedora 37 : webkitgtk (2023-a4bbf02a57)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-04-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:37", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2023-A4BBF02A57.NASL", "href": "https://www.tenable.com/plugins/nessus/174958", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-a4bbf02a57\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174958);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/30\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-25358\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n script_xref(name:\"FEDORA\", value:\"2023-a4bbf02a57\");\n\n script_name(english:\"Fedora 37 : webkitgtk (2023-a4bbf02a57)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-a4bbf02a57 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-a4bbf02a57\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'webkitgtk-2.40.1-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkitgtk');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:36", "description": "The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5b61346bbe advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-24T00:00:00", "type": "nessus", "title": "Fedora 38 : webkitgtk (2023-5b61346bbe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:38", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2023-5B61346BBE.NASL", "href": "https://www.tenable.com/plugins/nessus/174639", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-5b61346bbe\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174639);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/15\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2023-25358\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n script_xref(name:\"FEDORA\", value:\"2023-5b61346bbe\");\n\n script_name(english:\"Fedora 38 : webkitgtk (2023-5b61346bbe)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-5b61346bbe advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-5b61346bbe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:38\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^38([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'webkitgtk-2.40.1-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkitgtk');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:27", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164134", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10087-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05668353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:54", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10088-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164144", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10088-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2a5cb63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp154.2.14.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:46:40", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2056-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2023:2056-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32912", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-2056-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174918", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2056-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174918);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/01\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2022-32886\",\n \"CVE-2022-32912\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2056-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2023:2056-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:2056-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2023-April/029027.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-28205\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4', 'sles-release-4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.38.6-2.136.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-2.136.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.38.6-2.136.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:47:18", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2065-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:2065-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32912", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-04-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_1", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-2065-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174948", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2065-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174948);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/29\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2022-32886\",\n \"CVE-2022-32912\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2065-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:2065-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2023:2065-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210731\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-April/014671.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89102f46\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-28205\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'WebKit2GTK-4.0-lang-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-4.1-lang-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-5.0-lang-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.38.6-150400.4.39.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-32bit-2.38.6-150400.4.39.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.38.6-150400.4.39.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-32bit-2.38.6-150400.4.39.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-5_0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4.1-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-5.0-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-minibrowser-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-minibrowser-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-devel-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-minibrowser-2.38.6-150400.4.39.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:46:59", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2078-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-02T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2023:2078-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32912", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-2078-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174980", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2078-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174980);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/02\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2022-32886\",\n \"CVE-2022-32912\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2078-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2023:2078-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:2078-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210731\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-May/014714.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6346f43b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-28205\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.38.6-150000.3.139.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.38.6-150000.3.139.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:46:59", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2077-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-02T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:2077-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32912", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-2077-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174979", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2077-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174979);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/02\");\n\n script_cve_id(\n \"CVE-2022-0108\",\n \"CVE-2022-32885\",\n \"CVE-2022-32886\",\n \"CVE-2022-32912\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2077-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:2077-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:2077-1 advisory.\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)\n\n - * The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate\n correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse\n wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when\n the origin is the same as the clipboard contents. * Improvements to the GStreamer multimedia playback, in\n particular around MSE, WebRTC, and seeking. * Make all supported image types appear in the Accept HTTP\n header. * Fix text caret blinking when blinking is disabled in the GTK settings. * Fix default database\n quota size definition. * Fix application of all caps tags listed in the font-feature-settings CSS\n property. * Fix font height calculations for the font-size-adjust CSS property. * Fix several crashes\n and rendering issues. * Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,\n CVE-2023-27954, CVE-2023-28205 (CVE-2022-32885)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32886)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32912)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5\n and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing\n maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this\n issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1210731\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-May/014715.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?700d1a00\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-25363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-27954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-28205\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0108\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.38.6-150200.72.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.38.6-150200.72.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:35", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.5 (HT213345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213345.NASL", "href": "https://www.tenable.com/plugins/nessus/164291", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164291);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-28544\",\n \"CVE-2022-2294\",\n \"CVE-2022-24070\",\n \"CVE-2022-26981\",\n \"CVE-2022-29046\",\n \"CVE-2022-29048\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32789\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32796\",\n \"CVE-2022-32797\",\n \"CVE-2022-32798\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32801\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32810\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32814\",\n \"CVE-2022-32815\",\n \"CVE-2022-32816\",\n \"CVE-2022-32817\",\n \"CVE-2022-32818\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32821\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32828\",\n \"CVE-2022-32829\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32837\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32840\",\n \"CVE-2022-32841\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32845\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32852\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213345\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"macOS 12.x < 12.5 (HT213345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26981\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.5', \n 'fixed_display': 'macOS Monterey 12.5'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-30T12:42:54", "description": "The remote host is affected by the vulnerability described in GLSA-202305-32 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32886)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)\n\n - The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32891)\n\n - A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)\n\n - The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42799)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42823)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-42824)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42826)\n\n - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2022-42852)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42863, CVE-2022-46699)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42867)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46691)\n\n - A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. (CVE-2022-46692)\n\n - A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-46698)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46700)\n\n - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517, CVE-2023-23518)\n\n - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..\n (CVE-2023-23529)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-30T00:00:00", "type": "nessus", "title": "GLSA-202305-32 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32888", "CVE-2022-32891", "CVE-2022-32923", "CVE-2022-42799", "CVE-2022-42823", "CVE-2022-42824", "CVE-2022-42826", "CVE-2022-42852", "CVE-2022-42856", "CVE-2022-42863", "CVE-2022-42867", "CVE-2022-46691", "CVE-2022-46692", "CVE-2022-46698", "CVE-2022-46699", "CVE-2022-46700", "CVE-2023-23517", "CVE-2023-23518", "CVE-2023-23529", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:webkit-gtk"], "id": "GENTOO_GLSA-202305-32.NASL", "href": "https://www.tenable.com/plugins/nessus/176466", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202305-32.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176466);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/30\");\n\n script_cve_id(\n \"CVE-2022-32885\",\n \"CVE-2022-32886\",\n \"CVE-2022-32888\",\n \"CVE-2022-32891\",\n \"CVE-2022-32923\",\n \"CVE-2022-42799\",\n \"CVE-2022-42823\",\n \"CVE-2022-42824\",\n \"CVE-2022-42826\",\n \"CVE-2022-42852\",\n \"CVE-2022-42856\",\n \"CVE-2022-42863\",\n \"CVE-2022-42867\",\n \"CVE-2022-46691\",\n \"CVE-2022-46692\",\n \"CVE-2022-46698\",\n \"CVE-2022-46699\",\n \"CVE-2022-46700\",\n \"CVE-2023-23517\",\n \"CVE-2023-23518\",\n \"CVE-2023-23529\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28205\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/01/04\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/03/07\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n\n script_name(english:\"GLSA-202305-32 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202305-32 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS\n 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2022-32886)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big\n Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)\n\n - The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9,\n iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32891)\n\n - A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS\n 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing\n maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)\n\n - The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13,\n watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface\n spoofing. (CVE-2022-42799)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1,\n macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-42823)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS\n Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content\n may disclose sensitive user information. (CVE-2022-42824)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura\n 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2022-42826)\n\n - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2,\n macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing\n maliciously crafted web content may result in the disclosure of process memory. (CVE-2022-42852)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2,\n tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted\n web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been\n actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-42863, CVE-2022-46699)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2,\n tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-42867)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46691)\n\n - A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2,\n iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2,\n watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. (CVE-2022-46692)\n\n - A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud\n for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously\n crafted web content may disclose sensitive user information. (CVE-2022-46698)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46700)\n\n - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS\n Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517,\n CVE-2023-23518)\n\n - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1,\n iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to\n arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..\n (CVE-2023-23529)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS\n 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may\n bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS\n 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be\n able to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura\n 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited. (CVE-2023-28205)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202305-32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=871732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=879571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=888563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=905346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=905349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=905351\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.40.1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-28205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'net-libs/webkit-gtk',\n 'unaffected' : make_list(\"ge 2.40.1\"),\n 'vulnerable' : make_list(\"lt 2.40.1\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKitGTK+');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T16:39:12", "description": "The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-21T00:00:00", "type": "nessus", "title": "GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2022-08-29T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-35.NASL", "href": "https://www.tenable.com/plugins/nessus/164320", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-35.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164320);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-33636\",\n \"CVE-2022-33649\",\n \"CVE-2022-35796\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-35\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=858104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=859442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=863512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=865501\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-104.0.5112.101\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-104.0.5112.101\n \nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-104.0.5112.101\n \nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-104.0.1293.63\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2859\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33649\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/chromium-bin\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 104.0.1293.63\"),\n 'vulnerable' : make_list(\"lt 104.0.1293.63\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-03T14:43:24", "description": "A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-20T21:15:00", "type": "cve", "title": "CVE-2022-32861", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32861"], "modified": "2022-09-22T16:58:00", "cpe": [], "id": "CVE-2022-32861", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32861", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-03T14:43:23", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-20T21:15:00", "type": "cve", "title": "CVE-2022-32863", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32863"], "modified": "2023-03-17T02:15:00", "cpe": [], "id": "CVE-2022-32863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32863", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-03T14:43:09", "description": "The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-02-27T20:15:00", "type": "cve", "title": "CVE-2022-32784", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32784"], "modified": "2023-03-07T20:27:00", "cpe": [], "id": "CVE-2022-32784", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32784", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-05-08T22:42:13", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.", "cvss3": {}, "published": "2023-05-08T20:15:00", "type": "cve", "title": "CVE-2022-32885", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-32885"], "modified": "2023-05-08T20:15:00", "cpe": [], "id": "CVE-2022-32885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32885", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-06-03T14:43:11", "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-23T19:15:00", "type": "cve", "title": "CVE-2022-32792", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2022-32792", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-09T14:37:36", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2294", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T15:54:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/a:webrtc_project:webrtc:-", "cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2022-2294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-05-12T10:25:45", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.", "cvss3": {}, "published": "2023-05-08T20:15:00", "type": "debiancve", "title": "CVE-2022-32885", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-32885"], "modified": "2023-05-08T20:15:00", "id": "DEBIANCVE:CVE-2022-32885", "href": "https://security-tracker.debian.org/tracker/CVE-2022-32885", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-03T14:43:53", "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-23T19:15:00", "type": "debiancve", "title": "CVE-2022-32792", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2022-09-23T19:15:00", "id": "DEBIANCVE:CVE-2022-32792", "href": "https://security-tracker.debian.org/tracker/CVE-2022-32792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T14:37:26", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2294", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-05-09T13:10:03", "description": "[Unknown description]\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {}, "published": "2023-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2022-32885", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-32885"], "modified": "2023-04-24T00:00:00", "id": "UB:CVE-2022-32885", "href": "https://ubuntu.com/security/CVE-2022-32885", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T13:19:19", "description": "An out-of-bounds write issue was addressed with improved input validation.\nThis issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6,\nmacOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web\ncontent may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-32792", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-32792", "href": "https://ubuntu.com/security/CVE-2022-32792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T13:45:50", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2294", "href": "https://ubuntu.com/security/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-10-28T11:27:24", "description": "Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. A boundary error in WebKit when handling untrusted input can be exploited by an attacker to execute arbitrary code with root privileges.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "cnvd", "title": "Apple iOS and iPadOS WebKit Buffer Overflow Vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-32792"], "modified": "2022-10-28T00:00:00", "id": "CNVD-2022-71996", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-71996", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-06-03T19:49:35", "description": "webkit2gtk is vulnerable to denial of service. The vulnerability exists due to an out-of-bound issue which allows a remote attacker to send maliciously crafted web content that may lead to arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-31T10:13:02", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2023-04-27T15:21:20", "id": "VERACODE:36540", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36540/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T20:10:26", "description": "chromium is vulnerable to a heap buffer overflow. The vulnerability allows an attacker to crash the system through potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:23:34", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T18:06:53", "id": "VERACODE:36373", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36373/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2023-06-03T16:25:47", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the B3 JIT compiler. By performing actions in JavaScript, an attacker can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2022-08-18T00:00:00", "id": "ZDI-22-1123", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1123/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-10T07:04:46", "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-10T07:04:06", "type": "alpinelinux", "title": "CVE-2022-32792", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792"], "modified": "2023-06-10T07:04:06", "id": "ALPINE:CVE-2022-32792", "href": "https://security.alpinelinux.org/vuln/CVE-2022-32792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-10T07:04:08", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-10T07:04:06", "type": "alpinelinux", "title": "CVE-2022-2294", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-06-10T07:04:06", "id": "ALPINE:CVE-2022-2294", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-06-09T15:23:00", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:48", "type": "mscve", "title": "Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-06-09T14:57:33", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at July 05, 2022 3:18am UTC reported:\n\nLooks like this was a heap buffer overflow in WebRTC which could allow for a drive by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though, It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to <https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>, yet interestingly <https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html> also note it affects Chrome for Android.\n\nThere is a real world exploit for this out in the wild but given the generally tight lipped news around this and that it was found from a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though since I hadn\u2019t heard about the Avast Threat Intelligence team prior to this; I imagine its possible one of their customers was targeted selectively and then they found out and notified Google.\n\nWith heap overflow bugs I generally err on the side of \u201cwell these things are harder to exploit\u201d however with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I\u2019d still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch given in the wild exploitation.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "attackerkb", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-03T00:00:00", "id": "AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61", "href": "https://attackerkb.com/topics/42OzzPsFw0/cve-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-06-09T15:49:09", "description": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability which allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "cisa_kev", "title": "WebRTC Heap Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-25T00:00:00", "id": "CISA-KEV-CVE-2022-2294", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-08-04T20:00:29", "description": "Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Candiru(Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is a heap-based buffer overflow. Its successful exploitation may result in code execution on the targeted device.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T06:06:37", "type": "hivepro", "title": "Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T06:06:37", "id": "HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809", "href": "https://www.hivepro.com/spyware-group-candiru-exploits-chrome-zero-day-to-target-middle-east/", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-08-03T09:59:40", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. \n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-05T16:25:13", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e100/chrome-update.jpg>)\n\nGoogle on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.\n\nThe shortcoming, tracked as [**CVE-2022-2294**](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>), relates to a heap overflow flaw in the [WebRTC](<https://en.wikipedia.org/wiki/WebRTC>) component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.\n\nHeap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the [heap area of the memory](<https://en.wikipedia.org/wiki/Memory_management#Manual_memory_management>), leading to arbitrary code execution or a denial-of-service (DoS) condition.\n\n\"Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code,\" MITRE [explains](<https://cwe.mitre.org/data/definitions/122.html>). \"When the consequence is arbitrary code execution, this can often be used to subvert any other security service.\"\n\nCredited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also [impacts](<https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html>) the Android version of Chrome.\n\nAs is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.\n\nCVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\nThe disclosure shortly follows a report from Google Project Zero, which [noted](<https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html>) that a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild so far this year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T02:55:00", "type": "thn", "title": "Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"], "modified": "2022-07-05T13:54:52", "id": "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "href": "https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-17T15:25:34", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e100/chrome.png>)\n\nGoogle on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.\n\nTracked as **CVE-2022-2856**, the issue has been described as a case of insufficient validation of untrusted input in [Intents](<https://www.chromium.org/developers/web-intents-in-chrome/>). Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.\n\nAs is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. \"Google is aware that an exploit for CVE-2022-2856 exists in the wild,\" it [acknowledged](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) in a terse statement.\n\nThe latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.\n\nThe development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n\nUsers are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T12:02:00", "type": "thn", "title": "New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856"], "modified": "2022-08-17T13:41:27", "id": "THN:EDC4E93542AFAF751E67BF527C826DA4", "href": "https://thehackernews.com/2022/08/new-google-chrome-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T11:59:02", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEglTR0Ii9L3qtSuDJKc1Sna--9qt_00acsxU4IoPSOvvnV9AYpsHDRBRuGpUvXEBKFk3zIyrtzTLJZui-ibEM8KY0xP5ftNR1W9UV-5y_qDt8tUtfZeiowl-DxjAAUazrSAmy2M-ipK_aDRHBpBeVjyw-V_72rcorKKsv7-bUNu1v3jj5_Rc8TdoRDD/s728-e100/apple.jpg>)\n\nApple on Wednesday rolled out [software fixes](<https://support.apple.com/en-us/HT201222>) for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.\n\nThis includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).\n\nChief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google [disclosed](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi0IORPLATc7sBagS3j2MEfWbfaT564we0HCpQxKyGV5ddTyfN4EXrPRxHhD1MbXvlGLR4KbmQXcsP9XTezTnpdH7V37ZhUsQLaJveId9m4lGa2trimp13A0tDRcJk51jkg7-Q70-Pnmv_4unts53n3uIo15x3DSOurm_ITR2KTT-jYyIgfeas62tSe/s728-e100/apple.jpg>)\n\nBesides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).\n\nAlso patched is a [Pointer Authentication](<https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html>) bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).\n\nWhat's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.\n\nUsers of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for older generation Macs), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T06:40:00", "type": "thn", "title": "Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-32785", "CVE-2022-32792", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32826", "CVE-2022-32829", "CVE-2022-32840", "CVE-2022-32844"], "modified": "2022-07-21T11:31:25", "id": "THN:80C4CCCAB293DD273948D1317EAC8B73", "href": "https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-06T06:03:15", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.\n\nThe issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).\n\nAn anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,\" the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.\n\nThe latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n\nUsers are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-03T03:56:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-06T04:20:05", "id": "THN:0ADE883013E260B4548F6E16D65487D3", "href": "https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T12:06:14", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e100/chrome-zero-day-vulnerability.jpg>)\n\nGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.\n\nThe [vulnerability](<https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>), tracked as **CVE-2022-3723**, has been described as a type confusion flaw in the V8 JavaScript engine.\n\nSecurity researchers Jan Vojt\u011b\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,\" the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.\n\nCVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) and [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>).\n\nThe latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n\nUsers are recommended to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-28T10:40:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723"], "modified": "2022-10-28T10:58:12", "id": "THN:222F7713CA968509F8C385BA29B0B6A5", "href": "https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-26T04:08:15", "description": "[ ](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e100/chrome-update.png>)\n\nGoogle on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.\n\nTracked as **CVE-2022-4135**, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.\n\nHeap-based buffer overflow bugs can be [weaponized](<https://cwe.mitre.org/data/definitions/122.html>) by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.\n\n\"Google is aware that an exploit for CVE-2022-4135 exists in the wild,\" the tech giant [acknowledged](<https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>) in an advisory.\n\nBut like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.\n\nWith the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T13:12:00", "type": "thn", "title": "Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135"], "modified": "2022-11-26T04:07:40", "id": "THN:FFFF05ECDE44C9ED26B53D328B60689B", "href": "https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-05T06:08:51", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e100/chrome.png>)\n\nSearch giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.\n\nThe high-severity flaw, tracked as [CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>), concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.\n\nType confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.\n\nAccording to the NIST's National Vulnerability Database, the flaw [permits](<https://nvd.nist.gov/vuln/detail/CVE-2022-4262>) a \"remote attacker to potentially exploit heap corruption via a crafted HTML page.\"\n\nGoogle acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.\n\nCVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also the ninth zero-day flaw attackers have exploited in the wild in 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-4135**](<https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html>) \\- Heap buffer overflow in GPU\n\nUsers are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T04:41:00", "type": "thn", "title": "Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-05T04:33:44", "id": "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "href": "https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-30T04:02:42", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgIeK3eJtR_et6MNbj0n-dcpg6m3XLALiJRPrhIA4yGOSfgFp4GFAJFR2Q3o31-tQcQpuVnc_WCTyR9yoih4dgeHa6orUrdUWCpDX1WWtymO1klV2EcDBa4OBds15BKHAGsEW3hPAVQ_HB772TkQVTfNrqyRvm5rY4qOkI7i3UarIAnOVC8LJfIZ0F3/s728-e100/CISA.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), including a high-severity security flaw affecting industrial automation software from Delta Electronics.\n\nThe issue, tracked as [CVE-2021-38406](<https://nvd.nist.gov/vuln/detail/CVE-2021-38406>) (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution.\n\n\"Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution,\" CISA said in an alert.\n\nIt's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory [published](<https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02>) in September 2021.\n\nHowever, there are no patches that address the vulnerability, with CISA noting that the \"impacted product is end-of-life and should be disconnected if still in use.\" Federal Civilian Executive Branch (FCEB) agencies are mandated to follow the guideline by September 15, 2022.\n\nNot much information is available about the nature of the attacks that exploit the security bug, but a recent report from Palo Alto Networks Unit 42 [pointed out](<https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/>) instances of in-the-wild attacks leveraging the flaw between February and April 2022.\n\nThe development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.\n\nThese attacks often follow a specific sequence for exploitation that involves web shells, crypto miners, botnets, and remote access trojans (RATs), followed by initial access brokers (IABs) that then pave the way for ransomware.\n\nAmong other actively exploited flaws added to the list are as follows -\n\n * [**CVE-2022-26352**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26352>) \\- dotCMS Unrestricted Upload of File Vulnerability\n * [**CVE-2022-24706**](<https://nvd.nist.gov/vuln/detail/CVE-2022-24706>) \\- Apache CouchDB Insecure Default Initialization of Resource Vulnerability\n * [**CVE-2022-24112**](<https://nvd.nist.gov/vuln/detail/cve-2022-24112>) \\- Apache APISIX Authentication Bypass Vulnerability\n * [**CVE-2022-22963**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22963>) \\- VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability\n * [**CVE-2022-2294**](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>) \\- WebRTC Heap Buffer Overflow Vulnerability\n * [**CVE-2021-39226**](<https://nvd.nist.gov/vuln/detail/CVE-2021-39226>) \\- Grafana Authentication Bypass Vulnerability\n * [**CVE-2020-36193**](<https://nvd.nist.gov/vuln/detail/CVE-2020-36193>) \\- PEAR Archive_Tar Improper Link Resolution Vulnerability\n * [**CVE-2020-28949**](<https://nvd.nist.gov/vuln/detail/CVE-2020-28949>) \\- PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability\n\n### iOS and macOS flaw added to the list\n\nAnother high-severity flaw added to the KEV Catalog is [**CVE-2021-31010**](<https://nvd.nist.gov/vuln/detail/CVE-2021-31010>) (CVSS score: 7.5), a deserialization issue in Apple's Core Telephony component that could be leveraged to circumvent sandbox restrictions.\n\nThe tech giant addressed the shortcoming in iOS 12.5.5, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 (and Security Update 2021-005 Catalina), and watchOS 7.6.2 released in September 2021.\n\nWhile there were no indications that the flaw was being exploited at the time, the tech giant appears to have silently revised its advisories on May 25, 2022 to add the vulnerability and confirm that it had indeed been abused in attacks.\n\n\"Apple was aware of a report that this issue may have been actively exploited at the time of release,\" the iPhone maker noted, crediting Citizen Lab and Google Project Zero for the discovery.\n\nThe September update is also notable for [remediating](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) CVE-2021-30858 and CVE-2021-30860, both of which were [employed by NSO Group](<https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html>), the makers of the Pegasus spyware, to get around the operating systems' security features.\n\nThis raises the possibility that CVE-2021-31010 may have been stringed together with the aforementioned two flaws in an attack chain to escape the sandbox and achieve arbitrary code execution.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-29T04:23:00", "type": "thn", "title": "CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28949", "CVE-2020-36193", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-31010", "CVE-2021-38406", "CVE-2021-39226", "CVE-2022-2294", "CVE-2022-22963", "CVE-2022-24112", "CVE-2022-24706", "CVE-2022-26352"], "modified": "2022-08-30T03:22:27", "id": "THN:5D50D5AA81EE14FA1044614364EAEBC6", "href": "https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:33:51", "description": "A heap buffer overflow vulnerability exists in Google Chrome WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-09-22T00:00:00", "id": "CPAI-2022-0566", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2022-07-05T15:58:36", "description": "Google has released version 103.0.5060.114 for Chrome, now available in the [Stable Desktop channel](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) worldwide. The main goal of this new version is to patch CVE-2022-2294.\n\n[CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chrome zero-day to be patched in 2022.\n\n## Heap buffer overflow\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\nA buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nThe heap is an area of memory made available use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\n\n## The vulnerability\n\nWebRTC on Chrome is the first true in-browser solution to real-time communications (RTC). It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.\n\nA WebRTC application will usually go through a common application flow. Access the media devices, open peer connections, discover peers, and start streaming. Since Google does not disclose details about the vulnerability until everyone has had ample opportunity to install the fix it is unclear in what stage the vulnerability exists.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows or Mac, you should update as soon as possible.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n\n\nAfter the update the version should be 103.0.5060.114 or later.\n\n\n\nSince WebRTC is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches ANOTHER zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-05T13:56:04", "type": "malwarebytes", "title": "Update now! Chrome patches ANOTHER zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-05T13:56:04", "id": "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T00:03:08", "description": "On Friday, Google [announced](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as [CVE-2022-3075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3075>). As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already applied the patch.\n\nGoogle is urging its Windows, Mac, and Linux users to update Chrome to version** 105.0.5195.102**.\n\nCVE-2022-3075 is described as an \"[i]nsufficient data validation in Mojo\". According to Chromium documents, Mojo is \"a collection of runtime libraries" that facilitates interfacing standard, low-level interprocess communication (IPC) primitives. Mojo provides a platform-agnostic abstraction of these primitives, which comprise most of Chrome's code.\n\nAn anonymous security researcher is credited for discovering and reporting the flaw.\n\nCVE-2022-3075 is the sixth zero-day Chrome vulnerability Google had to address. The previous ones were:\n\n * [C](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)[VE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a Use-after-Free (UAF) vulnerability, which was patched in February\n * [CVE-2022-1096](<https://www.malwarebytes.com/blog/news/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild>), a \"Type Confusion in V8\" vulnerability, which was patched in March\n * [CVE-2022-1364](<https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-used-in-attacks/>), a flaw in the V8 JavaScript engine, which was patched in April\n * [CVE-2022-2294](<https://www.malwarebytes.com/blog/news/2022/07/update-now-chrome-patches-another-zero-day-vulnerability>), a flaw in the Web Real-Time Communications (WebRTC), which was patched in July\n * [CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>), an insufficient input validation flaw, which was patched in August\n\nGoogle Chrome needs minimum oversight as it updates automatically. However, if you're in the habit of not closing your browser or have extensions that may hinder Chrome from automatically doing this, please check your browser every now and then.\n\nOnce Chrome notifies you of an available update, don't hesitate to download it. The patch is applied once you relaunch the browser.\n\n\n\nStay safe!", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-05T16:30:00", "type": "malwarebytes", "title": "Zero-day puts a dent in Chrome's mojo", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-05T16:30:00", "id": "MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-17T11:20:23", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-32792](https://security-tracker.debian.org/tracker/CVE-2022-32792)\nManfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-32816](https://security-tracker.debian.org/tracker/CVE-2022-32816)\nDohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n2.36.6-1~deb10u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/webkit2gtk>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-32816", "CVE-2022-32792"], "modified": "2022-08-17T11:20:20", "id": "OSV:DLA-3073-1", "href": "https://osv.dev/vulnerability/DLA-3073-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-17T07:18:20", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-32792](https://security-tracker.debian.org/tracker/CVE-2022-32792)\nManfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-32816](https://security-tracker.debian.org/tracker/CVE-2022-32816)\nDohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.6-1~deb11u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-32816", "CVE-2022-32792"], "modified": "2022-08-17T07:18:20", "id": "OSV:DSA-5210-1", "href": "https://osv.dev/vulnerability/DSA-5210-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-17T07:18:20", "description": "\nThe following vulnerabilities have been discovered in the WPE WebKit\nweb engine:\n\n\n* [CVE-2022-32792](https://security-tracker.debian.org/tracker/CVE-2022-32792)\nManfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-32816](https://security-tracker.debian.org/tracker/CVE-2022-32816)\nDohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.6-1~deb11u1.\n\n\nWe recommend that you upgrade your wpewebkit packages.\n\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/wpewebkit](https://security-tracker.debian.org/tracker/wpewebkit)\n\n\n", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "osv", "title": "wpewebkit - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-32816", "CVE-2022-32792"], "modified": "2022-08-17T07:18:20", "id": "OSV:DSA-5211-1", "href": "https://osv.dev/vulnerability/DSA-5211-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:21:05", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2296", "CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-08-10T07:21:00", "id": "OSV:DSA-5180-1", "href": "https://osv.dev/vulnerability/DSA-5180-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-03T13:15:22", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-0108](https://security-tracker.debian.org/tracker/CVE-2022-0108)\nLuan Herrera discovered that an HTML document may be able to\n render iframes with sensitive user information.\n* [CVE-2022-32885](https://security-tracker.debian.org/tracker/CVE-2022-32885)\nP1umer and Q1IQ discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2023-27932](https://security-tracker.debian.org/tracker/CVE-2023-27932)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may bypass Same Origin Policy.\n* [CVE-2023-27954](https://security-tracker.debian.org/tracker/CVE-2023-27954)\nAn anonymous researcher discovered that a website may be able to\n track sensitive user information.\n* [CVE-2023-28205](https://security-tracker.debian.org/tracker/CVE-2023-28205)\nClement Lecigne and Donncha O Cearbhaill discovered that\n processing maliciously crafted web content may lead to arbitrary\n code execution. Apple is aware of a report that this issue may\n have been actively exploited.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.40.1-1~deb11u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-03T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T13:15:21", "id": "OSV:DSA-5396-1", "href": "https://osv.dev/vulnerability/DSA-5396-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-03T13:15:24", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-0108](https://security-tracker.debian.org/tracker/CVE-2022-0108)\nLuan Herrera discovered that an HTML document may be able to\n render iframes with sensitive user information.\n* [CVE-2022-32885](https://security-tracker.debian.org/tracker/CVE-2022-32885)\nP1umer and Q1IQ discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2023-27932](https://security-tracker.debian.org/tracker/CVE-2023-27932)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may bypass Same Origin Policy.\n* [CVE-2023-27954](https://security-tracker.debian.org/tracker/CVE-2023-27954)\nAn anonymous researcher discovered that a website may be able to\n track sensitive user information.\n* [CVE-2023-28205](https://security-tracker.debian.org/tracker/CVE-2023-28205)\nClement Lecigne and Donncha O Cearbhaill discovered that\n processing maliciously crafted web content may lead to arbitrary\n code execution. Apple is aware of a report that this issue may\n have been actively exploited.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.38.6-1~deb11u1.\n\n\nWe recommend that you upgrade your wpewebkit packages.\n\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/wpewebkit](https://security-tracker.debian.org/tracker/wpewebkit)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-03T00:00:00", "type": "osv", "title": "wpewebkit - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T13:15:22", "id": "OSV:DSA-5397-1", "href": "https://osv.dev/vulnerability/DSA-5397-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-12T14:14:17", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-0108](https://security-tracker.debian.org/tracker/CVE-2022-0108)\nLuan Herrera discovered that an HTML document may be able to\n render iframes with sensitive user information.\n* [CVE-2022-32885](https://security-tracker.debian.org/tracker/CVE-2022-32885)\nP1umer and Q1IQ discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2023-27932](https://security-tracker.debian.org/tracker/CVE-2023-27932)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may bypass Same Origin Policy.\n* [CVE-2023-27954](https://security-tracker.debian.org/tracker/CVE-2023-27954)\nAn anonymous researcher discovered that a website may be able to\n track sensitive user information.\n* [CVE-2023-28205](https://security-tracker.debian.org/tracker/CVE-2023-28205)\nClement Lecigne and Donncha O Cearbhaill discovered that\n processing maliciously crafted web content may lead to arbitrary\n code execution. Apple is aware of a report that this issue may\n have been actively exploited.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n2.38.6-0+deb10u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/webkit2gtk>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-12T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-12T10:17:51", "id": "OSV:DLA-3419-1", "href": "https://osv.dev/vulnerability/DLA-3419-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-11-08T06:09:37", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Update to version 2.36.5 (bsc#1201980):\n - Add support for PAC proxy in the WebDriver implementation.\n - Fix video playback when loaded through custom URIs, this fixes video\n playback in the Yelp documentation browser.\n - Fix WebKitWebView::context-menu when using GTK4.\n - Fix LTO builds with GCC.\n - Fix several crashes and rendering issues.\n\n - Security fixes:\n - CVE-2022-32792: Fixed processing maliciously crafted web content may\n lead to arbitrary code execution.\n - CVE-2022-32816: Fixed visiting a website that frames malicious content\n may lead to UI spoofing.\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2826=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2826=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2826=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2826=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-16T00:00:00", "id": "SUSE-SU-2022:2826-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6GX5PJNXR43PC4SEJ36ZQLP2LV4U4JZD/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-08T06:09:37", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Update to version 2.36.5 (bsc#1201980):\n - Add support for PAC proxy in the WebDriver implementation.\n - Fix video playback when loaded through custom URIs, this fixes video\n playback in the Yelp documentation browser.\n - Fix WebKitWebView::context-menu when using GTK4.\n - Fix LTO builds with GCC.\n - Fix several crashes and rendering issues.\n\n - Security fixes:\n - CVE-2022-32792: Fixed processing maliciously crafted web content may\n lead to arbitrary code execution.\n - CVE-2022-32816: Fixed visiting a website that frames malicious content\n may lead to UI spoofing.\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2820=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2820=1\n\n - SUSE Manager Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2820=1\n\n - SUSE Manager Retail Branch Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2820=1\n\n - SUSE Manager Proxy 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2820=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP2:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2820=1\n\n - SUSE Linux Enterprise Server 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2820=1\n\n - SUSE Linux Enterprise Server 15-SP2-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2820=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2820=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2820=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2820=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2820=1\n\n - SUSE Enterprise Storage 7:\n\n zypper in -t patch SUSE-Storage-7-2022-2820=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-16T00:00:00", "id": "SUSE-SU-2022:2820-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XIWEITOCQGPPI2GQRADRQ7R2JFXOHNHM/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T21:00:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.114 (boo#1201216)\n\n * CVE-2022-2294: Heap buffer overflow in WebRTC\n * CVE-2022-2295: Type Confusion in V8\n * CVE-2022-2296: Use after free in Chrome OS Shell\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10055=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10055=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10055-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 88.0.4412.74:\n\n - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches\n\n Update to 88.0.4412.53\n\n - DNA-99108 [Lin] Options on video pop out not possible to change\n - DNA-99832 On automatic video popout, close button should not stop video\n - DNA-99833 Allow turning on and off of each 'BABE' section from gear\n icon\n - DNA-99852 Default browser in Mac installer\n - DNA-99993 Crashes in AudioFileReaderTest,\n FFmpegAACBitstreamConverterTest\n - DNA-100045 iFrame Exception not unblocked with Acceptable Ads\n - DNA-100291 Update snapcraft uploading/releasing in scripts to use\n craft store\n\n Changes in 88.0.4412.40\n\n - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115\n - DNA-99713 Sizing issues with video conferencing controls in PiP window\n - DNA-99831 Add 'back to tab' button like on video pop-out\n\n - The update to chromium 102.0.5005.115 fixes following issues:\n CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011\n\n Changes in 88.0.4412.27\n\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412\n - DNA-99969 Promote O88 to stable\n\n - Complete Opera 88.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-88/\n\n Update to 87.0.4390.45\n\n - DNA-99478 Top Sites don\ufffd\ufffd\ufffdt always has big icon\n - DNA-99702 Enable Acceptable Ads for stable stream\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n\n - Update to 87.0.4390.36\n - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67\n - DNA-99190 Investigate windows installer signature errors on win7\n - DNA-99502 Sidebar \ufffd\ufffd\ufffd API to open panels\n - DNA-99593 Report sad tab displayed counts per kind\n - DNA-99628 Personalized Speed Dial context menu issue fix\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n opera was updated to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n opera was updated to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n opera was updated to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n opera was updated to 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10087=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10087-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n - Update to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n - Update to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n - Update to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n - Changes in 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10088=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10088-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-05-02T19:42:44", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-3073-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nAugust 17, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nVersion : 2.36.6-1~deb10u1\nCVE ID : CVE-2022-32792 CVE-2022-32816\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-32792\n\n Manfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-32816\n\n Dohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\nFor Debian 10 buster, these problems have been fixed in version\n2.36.6-1~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T10:39:21", "type": "debian", "title": "[SECURITY] [DLA 3073-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-17T10:39:21", "id": "DEBIAN:DLA-3073-1:E36D1", "href": "https://lists.debian.org/debian-lts-announce/2022/08/msg00005.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-05T14:22:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5210-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nAugust 16, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2022-32792 CVE-2022-32816\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-32792\n\n Manfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-32816\n\n Dohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.6-1~deb11u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T21:53:19", "type": "debian", "title": "[SECURITY] [DSA 5210-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-16T21:53:19", "id": "DEBIAN:DSA-5210-1:35DB1", "href": "https://lists.debian.org/debian-security-announce/2022/msg00179.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T14:22:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5211-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nAugust 16, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpewebkit\nCVE ID : CVE-2022-32792 CVE-2022-32816\n\nThe following vulnerabilities have been discovered in the WPE WebKit\nweb engine:\n\nCVE-2022-32792\n\n Manfred Paul discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-32816\n\n Dohyun Lee discovered that visiting a website that frames\n malicious content may lead to UI spoofing.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.6-1~deb11u1.\n\nWe recommend that you upgrade your wpewebkit packages.\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpewebkit\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T21:54:44", "type": "debian", "title": "[SECURITY] [DSA 5211-1] wpewebkit security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-16T21:54:44", "id": "DEBIAN:DSA-5211-1:03E97", "href": "https://lists.debian.org/debian-security-announce/2022/msg00180.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T14:23:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5180-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2294 CVE-2022-2295 CVE-2022-2296\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-11T17:47:32", "type": "debian", "title": "[SECURITY] [DSA 5180-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-11T17:47:32", "id": "DEBIAN:DSA-5180-1:E631C", "href": "https://lists.debian.org/debian-security-announce/2022/msg00148.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T22:09:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5396-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nMay 03, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954\n CVE-2023-28205\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-0108\n\n Luan Herrera discovered that an HTML document may be able to\n render iframes with sensitive user information.\n\nCVE-2022-32885\n\n P1umer and Q1IQ discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2023-27932\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may bypass Same Origin Policy.\n\nCVE-2023-27954\n\n An anonymous researcher discovered that a website may be able to\n track sensitive user information.\n\nCVE-2023-28205\n\n Clement Lecigne and Donncha O Cearbhaill discovered that\n processing maliciously crafted web content may lead to arbitrary\n code execution. Apple is aware of a report that this issue may\n have been actively exploited.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.40.1-1~deb11u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-03T09:20:33", "type": "debian", "title": "[SECURITY] [DSA 5396-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T09:20:33", "id": "DEBIAN:DSA-5396-1:6E347", "href": "https://lists.debian.org/debian-security-announce/2023/msg00086.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T22:09:48", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5397-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nMay 03, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpewebkit\nCVE ID : CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954\n CVE-2023-28205\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-0108\n\n Luan Herrera discovered that an HTML document may be able to\n render iframes with sensitive user information.\n\nCVE-2022-32885\n\n P1umer and Q1IQ discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2023-27932\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may bypass Same Origin Policy.\n\nCVE-2023-27954\n\n An anonymous researcher discovered that a website may be able to\n track sensitive user information.\n\nCVE-2023-28205\n\n Clement Lecigne and Donncha O Cearbhaill discovered that\n processing maliciously crafted web content may lead to arbitrary\n code execution. Apple is aware of a report that this issue may\n have been actively exploited.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.38.6-1~deb11u1.\n\nWe recommend that you upgrade your wpewebkit packages.\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpewebkit\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-03T09:38:25", "type": "debian", "title": "[SECURITY] [DSA 5397-1] wpewebkit security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-03T09:38:25", "id": "DEBIAN:DSA-5397-1:3771E", "href": "https://lists.debian.org/debian-security-announce/2023/msg00087.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2022-09-27T22:05:22", "description": "Arch Linux Security Advisory ASA-202207-2\n=========================================\n\nSeverity: Critical\nDate : 2022-07-29\nCVE-ID : CVE-2022-32792 CVE-2022-32816\nPackage : wpewebkit\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2789\n\nSummary\n=======\n\nThe package wpewebkit before version 2.36.5-1 is vulnerable to multiple\nissues including arbitrary code execution and content spoofing.\n\nResolution\n==========\n\nUpgrade to 2.36.5-1.\n\n# pacman -Syu \"wpewebkit>=2.36.5-1\"\n\nThe problems have been fixed upstream in version 2.36.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2022-32792 (arbitrary code execution)\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n- CVE-2022-32816 (content spoofing)\n\nVisiting a website that frames malicious content may lead to UI\nspoofing.\n\nImpact\n======\n\nAn attacker is able to remotely execute arbitrary code on an affected\nhost and spoof a website's content by using maliciously crafted web\ncontent.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2022-0007.html\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816\nhttps://security.archlinux.org/CVE-2022-32792\nhttps://security.archlinux.org/CVE-2022-32816\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-29T00:00:00", "type": "archlinux", "title": "[ASA-202207-2] wpewebkit: multiple issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-07-29T00:00:00", "id": "ASA-202207-2", "href": "https://security.archlinux.org/ASA-202207-2", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-27T22:05:22", "description": "Arch Linux Security Advisory ASA-202207-4\n=========================================\n\nSeverity: Critical\nDate : 2022-07-29\nCVE-ID : CVE-2022-32792 CVE-2022-32816\nPackage : webkit2gtk-4.1\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2791\n\nSummary\n=======\n\nThe package webkit2gtk-4.1 before version 2.36.5-1 is vulnerable to\nmultiple issues including arbitrary code execution and content\nspoofing.\n\nResolution\n==========\n\nUpgrade to 2.36.5-1.\n\n# pacman -Syu \"webkit2gtk-4.1>=2.36.5-1\"\n\nThe problems have been fixed upstream in version 2.36.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2022-32792 (arbitrary code execution)\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n- CVE-2022-32816 (content spoofing)\n\nVisiting a website that frames malicious content may lead to UI\nspoofing.\n\nImpact\n======\n\nAn attacker is able to remotely execute arbitrary code on an affected\nhost and spoof a website's content by using maliciously crafted web\ncontent.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2022-0007.html\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816\nhttps://security.archlinux.org/CVE-2022-32792\nhttps://security.archlinux.org/CVE-2022-32816\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-29T00:00:00", "type": "archlinux", "title": "[ASA-202207-4] webkit2gtk-4.1: multiple issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-07-29T00:00:00", "id": "ASA-202207-4", "href": "https://security.archlinux.org/ASA-202207-4", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-27T22:05:17", "description": "Arch Linux Security Advisory ASA-202207-1\n=========================================\n\nSeverity: Critical\nDate : 2022-07-29\nCVE-ID : CVE-2022-32792 CVE-2022-32816\nPackage : webkit2gtk-5.0\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2792\n\nSummary\n=======\n\nThe package webkit2gtk-5.0 before version 2.36.5-1 is vulnerable to\nmultiple issues including arbitrary code execution and content\nspoofing.\n\nResolution\n==========\n\nUpgrade to 2.36.5-1.\n\n# pacman -Syu \"webkit2gtk-5.0>=2.36.5-1\"\n\nThe problems have been fixed upstream in version 2.36.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2022-32792 (arbitrary code execution)\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n- CVE-2022-32816 (content spoofing)\n\nVisiting a website that frames malicious content may lead to UI\nspoofing.\n\nImpact\n======\n\nAn attacker is able to remotely execute arbitrary code on an affected\nhost and spoof a website's content by using maliciously crafted web\ncontent.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2022-0007.html\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816\nhttps://security.archlinux.org/CVE-2022-32792\nhttps://security.archlinux.org/CVE-2022-32816\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-29T00:00:00", "type": "archlinux", "title": "[ASA-202207-1] webkit2gtk-5.0: multiple issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-07-29T00:00:00", "id": "ASA-202207-1", "href": "https://security.archlinux.org/ASA-202207-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-27T22:05:16", "description": "Arch Linux Security Advisory ASA-202207-3\n=========================================\n\nSeverity: Critical\nDate : 2022-07-29\nCVE-ID : CVE-2022-32792 CVE-2022-32816\nPackage : webkit2gtk\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2790\n\nSummary\n=======\n\nThe package webkit2gtk before version 2.36.5-1 is vulnerable to\nmultiple issues including arbitrary code execution and content\nspoofing.\n\nResolution\n==========\n\nUpgrade to 2.36.5-1.\n\n# pacman -Syu \"webkit2gtk>=2.36.5-1\"\n\nThe problems have been fixed upstream in version 2.36.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2022-32792 (arbitrary code execution)\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n- CVE-2022-32816 (content spoofing)\n\nVisiting a website that frames malicious content may lead to UI\nspoofing.\n\nImpact\n======\n\nAn attacker is able to remotely execute arbitrary code on an affected\nhost and spoof a website's content by using maliciously crafted web\ncontent.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2022-0007.html\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792\nhttps://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816\nhttps://security.archlinux.org/CVE-2022-32792\nhttps://security.archlinux.org/CVE-2022-32816\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-29T00:00:00", "type": "archlinux", "title": "[ASA-202207-3] webkit2gtk: multiple issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-07-29T00:00:00", "id": "ASA-202207-3", "href": "https://security.archlinux.org/ASA-202207-3", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-06-03T15:07:31", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-31T01:39:53", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: webkit2gtk3-2.36.5-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-07-31T01:39:53", "id": "FEDORA:D921930742B0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7REYPNXMDAXB6WOJTIC4P5YNI6M2OYG3/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:07:31", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T01:42:44", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: webkit2gtk3-2.36.6-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-16T01:42:44", "id": "FEDORA:2388E3047E08", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W3FJA7KORNLDSK3L4NW4AMEDRAG5NQY7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:44:03", "description": "WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-01T01:29:12", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: webkitgtk-2.40.1-1.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-01T01:29:12", "id": "FEDORA:59B6820C6D43", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:44:03", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-05T14:44:03", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: webkit2gtk3-2.40.1-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-05T14:44:03", "id": "FEDORA:5A5E120C65F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:44:03", "description": "WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-04-22T00:49:55", "type": "fedora", "title": "[SECURITY] Fedora 38 Update: webkitgtk-2.40.1-1.fc38", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0108", "CVE-2022-32885", "CVE-2023-25358", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-04-22T00:49:55", "id": "FEDORA:0AA80217E4B2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T15:23:51", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:28:06", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-103.0.5060.114-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:28:06", "id": "FEDORA:29E5830A072A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T15:23:51", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:30:57", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-103.0.5060.114-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:30:57", "id": "FEDORA:1AA1C30A3C1B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-06-09T15:17:11", "description": "### *Detect date*:\n07/06/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) \n[CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Critical \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Critical\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T00:00:00", "type": "kaspersky", "title": "KLA12579 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-03-28T00:00:00", "id": "KLA12579", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12579/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T15:16:56", "description": "### *Detect date*:\n07/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 89.0.4447.48\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 89](<https://blogs.opera.com/desktop/changelog-for-89/#b4447.48>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Critical \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Critical \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Critical", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "kaspersky", "title": "KLA12587 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-09-02T00:00:00", "id": "KLA12587", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12587/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T15:17:12", "description": "### *Detect date*:\n07/04/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Critical \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Critical \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Critical", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "kaspersky", "title": "KLA12578 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-09-02T00:00:00", "id": "KLA12578", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12578/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2023-06-09T20:08:01", "description": "Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become [available on Google Play](<https://play.google.com/store/apps/details?id=com.android.chrome>) over the next few days.\n\nThis release includes security,stability and performance improvements. You can see a full list of the changes in the [Git log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.70..103.0.5060.71?pretty=fuller&n=10000>). \n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [3](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$TBD][[1327312](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC.\n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1341569](<https://crbug.com/1341569>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL.\n\nIf you find a new issue, please let us know by [filing a bug](<https://code.google.com/p/chromium/issues/entry?template=Android%20Issue>). \n\n\n\nKrishna Govind \n[Google Chrome](<https://www.google.com/chrome/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Chrome for Android Update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-07-04T00:00:00", "id": "GCSA-7720125337817983232", "href": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T20:08:01", "description": "The Stable channel has been updated to 103.0.5060.114 for Windows. which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.53..103.0.5060.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$TBD][[1341043](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 \n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16 \n\n[$3000][[1327087](<https://crbug.com/1327087>)] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1338205](<https://crbug.com/1338205>)] Various fixes from internal audits, fuzzing and other initiatives\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "GCSA-5089288012050676645", "href": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-09T15:15:54", "description": "\n\nChrome Releases reports:\n\nThis release contains 4 security fixes, including:\n\n[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01\n[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-06-09T15:20:26", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.36.7\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "id": "GLSA-202208-39", "href": "https://security.gentoo.org/glsa/202208-39", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T18:27:07", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.40.1\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-30T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32885", "CVE-2022-32886", "CVE-2022-32888", "CVE-2022-32891", "CVE-2022-32923", "CVE-2022-42799", "CVE-2022-42823", "CVE-2022-42824", "CVE-2022-42826", "CVE-2022-42852", "CVE-2022-42856", "CVE-2022-42863", "CVE-2022-42867", "CVE-2022-46691", "CVE-2022-46692", "CVE-2022-46698", "CVE-2022-46699", "CVE-2022-46700", "CVE-2023-23517", "CVE-2023-23518", "CVE-2023-23529", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28205"], "modified": "2023-05-30T00:00:00", "id": "GLSA-202305-32", "href": "https://security.gentoo.org/glsa/202305-32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T15:20:30", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-104.0.5112.101\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-104.0.5112.101\"\n \n\nAll Google Chrome users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-104.0.5112.101\"\n \n\nAll Microsoft Edge users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-104.0.1293.63\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-21T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2022-08-21T00:00:00", "id": "GLSA-202208-35", "href": "https://security.gentoo.org/glsa/202208-35", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "trellix": [{"lastseen": "2022-08-03T00:00:00", "description": "# The Bug Report \u2013 July 2022 Edition \n\nBy Jesse Chick and Kasimir Schulz \u00b7 August 3, 2022\n\n## Your Cybersecurity Comic Relief\n\n\n\n### Why am I here?\n\nWelcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it again, trawling for this month's spiciest software-defined mishaps for your schadenfreudian pleasure. (Or, rather, we made the intern do it.) So crank up the AC, kick your feet up with your cold beverage of choice, and enjoy the cream of July\u2019s vulnerability crop.\n\nFortunately, most of the vulnerabilities that we report cannot cause fires no matter how they are abused. This month, however, we have something special for you with CVE-2022-2107. But don\u2019t worry, if that\u2019s too hot for you to handle we also have two more vulnerabilities that cause headaches:\n\n * CVE-2022-2294: WebRTC\n * CVE-2022-2107: MiCODUS MV720\n * CVE-2022-20857: Cisco Nexus Dashboard\n\n## CVE-2022-2294: Heaps of 4th of July fun in Mountain View!\n\n### What is it?\n\nWe have all heard and rolled our eyes at the banal adage that money cannot buy happiness (unless, of course, you are in Las Vegas). Money also cannot buy immunity from critical browser vulnerabilities, as one of the richest companies in the world learned once again earlier this month. While we in the United States were out celebrating Independence Day\u2014or \u201cGood-riddance Day,\u201d as it's known across the Pond\u2014Google was busy hustling out a patch for a high-severity heap-based buffer overflow ([CWE-122](<https://cwe.mitre.org/data/definitions/122.html>)) in WebRTC. \n\nIf you are like us and have seen \u201cWebRTC\u201d crop up in technical documentation time and time again without sufficient cause to look up what it is, here is all you need to know. WebRTC stands for Web Real-Time Communication. It is used in most common browsers (including, most notably for us, Google Chrome) to enable browser-to-browser video and audio streams without the need for plugins or other third-party installations. It is enabled by default in Chrome.\n\n### Who cares?\n\nIf you are reading this article, you\u2019re using a web browser. If I were to guess, you are viewing this article with Chrome and, according to [statcounter](<https://gs.statcounter.com/browser-market-share>), I\u2019d be right about two out of three times. Although the existing proof of concept (POC) referenced below was tailored to Chrome running on Windows hosts, it is likely that all browsers leveraging WebRTC are vulnerable to similar exploitation. This list includes Safari and Edge, the runners-up in the Chrome-dominated browser market. And it\u2019s not just desktop applications; this vulnerability affects Android devices as well. You get the idea. True enough, an attacker will almost surely need to go to all the effort of concocting an elaborate attack chain around CVE-2022-2294 to do serious damage. Still, how safe does that make you feel?\n\nDue to the give-and-take nature of responsible disclosure, very few details about the precise nature of the vulnerability tracked as CVE-2022-2294 have reached the public domain. What we do know for certain, thanks to some crafty forensic work from security researchers with Avast, is that this vulnerability has been exploited in the wild numerous times by known threat actors as part of a larger, targeted attack chain deployed against specific organizations in the Middle East.\n\nPerhaps the most accessible path to appreciating the potential impact of this on information security is through a cursory understanding of the event which led Avast to report the vulnerability to Google in the first place. Attackers were able to gain initial access to a Lebanese news agency\u2019s protected network via cross-site scripting (XSS). Their malicious JavaScript then scanned the set of accessible hosts for indications of vulnerability to CVE-2022-2294, delivering the exploit with precision. The shellcode execution achieved via WebRTC was used to deliver a sophisticated form of spyware known, graphically, as DevilsTongue, which was injected into the victim\u2019s kernel to furtively siphon off private data to the attackers. The good people at Avast elaborate further on the details of CVE-2022-2294's discovery and its in-the-wild exploitation in [their own blog](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>).\n\n### What can I do?\n\nLuckily for us, Google engineers don\u2019t like fireworks and pushed out a patch within days of initial disclosure. Microsoft followed suit the following day (July 5) with a patch for Edge, and Apple, taking its sweet time, patched Safari on the 20th. If you have automatic browser updates enabled (which you probably should, hint hint), you are already impervious to this piece of mischief. Chrome users who prefer manual updates should ensure they are running version [103.0.5060.114](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) or newer.\n\n## CVE-2022-2107: Anyone know a good automotive exorcist?\n\n### What is it?\n\nLet's be honest, hacker movies piss us off. Simply enter the master password and you\u2019re in? Give us a break. Well, looks like Hollywood isn\u2019t that far off after all. CVE-2022-2107 is a hardcoded key in the API server belonging to MiCODUS, a company that sells professional GPS trackers. This CVE may just be a hardcoded key in the API server, but it allows attackers unauthenticated access to log into the web server, to impersonate users, and directly send commands to the GPS trackers of MiCODUS MV720 devices. Rather than logging in and obtaining a key, attackers can use the hardcoded key when accessing API endpoints. CVE-2022-2107 gives attackers power on par with Jeff Goldblum in Independence Day, letting a hacker use any device with internet capabilities to take down entire fleets of vehicles. By using the hardcoded key an attacker can cut off fuel to vehicles, enable and disable alarms, and track the vehicles\u2019 GPS location in real time. The key also allows attackers to access and modify all other data such as routes and geofences. Now, I know what you must be thinking, this sounds too good to be true, there must be some catch or some sort of condition for when this vulnerability can be exploited, and you would be right. In order to target the GPS trackers an attacker will need to know the device ID, but sadly for the users, this is sequentially generated.\n\nAlready sweating like Ted Striker in Airplane? Well... [BitSight](<https://www.bitsight.com/>), the company that reported this CVE, reported [several](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) other vulnerabilities including information about device usage and vulnerable attack surfaces. Among these vulnerabilities was a way to send commands directly to the tracker (CVE-2022-2141) allowing an attacker to execute commands if they had the password for the device. BitSight also found that since the device did not prompt the users to change their password, most (94.5% of the sample) devices used the default password of 123456. \n\n### Who cares?\n\nAre you part of a Fortune 50 company in energy, oil, or gas? How about a national government or law enforcement agency? Maybe you are part of a manufacturing conglomerate? No? So, then you think that you probably shouldn\u2019t worry about this vulnerability, right? Wrong. Not only does the vulnerability have the potential to shut down entire supply chains by turning off fleets of cars, but the vulnerability also allows attackers to shut off cars potentially causing accidents on the road resulting in potential injuries. Over the course of several months, BitSight gathered data and identified differences in the usage of the MiCODUS devices throughout the globe as seen in the graphic below.\n\nIn their report, BitSight published proof of concept attacks for each reported vulnerability along with publishing the hardcoded key for the API server. BitSight first contacted MiCODUS on September 9, 2021, however, luckily for malicious actors, MiCODUS has been slower than congressional proceedings when it has come to patching. As of the writing of this blog the hardcoded key can still be used to access any API endpoint injunction with the device ID. Device IDs are easy to guess through brute force methods as they are sequentially generated based on the format 72011XXXXXX. \n\n Geographical differences in sector usages found by [BitSight](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) \n\n\n### What can I do?\n\nIf you have read our bug reports in the past you know that normally our advice is to Patch, Patch, Patch!! However, with this CVE there is nothing that the average users can do other than disable their devices. The vulnerability described in CVE-2022-2107 exists within MiCODUS\u2019s server and can only be patched by them. For users and organizations hosting their own API server, make sure that you have proper authentication on API endpoints.\n\nWhile there is nothing the average user can do for CVE-2022-2107 other than disabling their devices, there are things that they should do for the other CVE\u2019s filed by BitSight. The most important of these is to update your default password. According to BitSight, 94.5% of the devices they sampled were using the default password and could therefore be controlled without the need for other vulnerabilities. \n\n## CVE-2022-20857: Ignorance isn't always bliss...\n\n### What is it?\n\nIt\u2019s not only college business majors who enjoy pretty, graphical abstractions of dense technical information; we command line folks love a nice interactive overview of our networked devices, too. That is assuming, of course, that said dashboard is not riddled with vulnerabilities, like the Cisco Nexus Dashboard. During a recent internal audit of Cisco\u2019s product suite, ASIG (Cisco\u2019s Advanced Security Initiatives Group) discovered three serious vulnerabilities affecting all versions of the Nexus Dashboard, the most critical of which is CVE-2022-20857.\n\nThe culprit is a single API endpoint which lacks authentication ([CWE-306](<https://cwe.mitre.org/data/definitions/306.html>)), exposing an attack vector through which a malicious agent could achieve remote code execution as root over HTTP. To appreciate the scope of the vulnerability more fully, we need to establish a rudimentary understanding of how Nexus Dashboard is architected. Logically speaking, the dashboard consists of a cluster of several services supporting its many available features. This cluster is exposed to two distinct network interfaces:\n\n * The management network, over which information is exchanged between the cluster and the Dashboard GUI, including actions such as firmware uploads and other core services e.g. SSH and DNS. \n * The data network, which handles all traffic between the cluster and the rest of the connected Cisco infrastructure, as well as intra-cluster communication.\n\nThe vulnerable API endpoint lives in the **data network**, suggesting that exploitation of CVE-2022-20857 could allow an attacker to pivot to any host reachable by the compromised device.\n\n### Who cares?\n\nAt risk of stating the obvious, if you or your organization is using the Nexus Dashboard, this and the other vulnerabilities outlined in [Cisco\u2019s security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y>) should be of top concern. In the worst-case scenario, a compromised host with access to core internal routing and hosting services is about as bad as it can get in information security.\n\n### What can I do?\n\nBefore any additional sphincter-tightening takes place, you should know that Cisco has patched these vulnerabilities in the [May 8th release](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/release-notes/cisco-nexus-dashboard-release-notes-221.html>) (2.2.1e) of Nexus Dashboard. If you\u2019re unsure of which version your organization is currently using, you can verify this easily by logging in to the Dashboard\u2019s command line interface via SSH and running `acs version`. **All versions prior to 2.2.1e are vulnerable**, so your network administrator should update to this or the subsequent version 2.2.1h, available as of June 6. This can be done by the recommended means of [upgrading your entire Dashboard cluster](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/operations.html#_firmware_management_cluster_upgrades>) in one go, or by [manually upgrading individual nodes](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/troubleshooting.html#_manual_upgrades>) in the cluster if needed.\n", "cvss3": {}, "published": "2022-08-03T00:00:00", "type": "trellix", "title": "The Bug Report \u2013 July 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-20857", "CVE-2022-2107", "CVE-2022-2141", "CVE-2022-2294"], "modified": "2022-08-03T00:00:00", "id": "TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-july-2022-edition.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "apple": [{"lastseen": "2023-06-09T15:14:51", "description": "# About the security content of iOS 15.6 and iPadOS 15.6\n\nThis document describes the security content of iOS 15.6 and iPadOS 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.6 and iPadOS 15.6\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022 \n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreMedia**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**Home**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32855: Zitong Wu(\u5434\u6893\u6850) from Zhuhai No.1 Middle School(\u73e0\u6d77\u5e02\u7b2c\u4e00\u4e2d\u5b66)\n\nEntry updated September 16, 2022\n\n**iCloud Photo Library**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to disclosure of user information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PluginKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**Safari Extensions**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**Software Update**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526 \nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of iOS 15.6 and iPadOS 15.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-26981", "CVE-2022-32784", "CVE-2022-32785", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32855", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32863", "CVE-2022-32885", "CVE-2022-32948", "CVE-2022-42805"], "modified": "2022-07-20T00:00:00", "id": "APPLE:DF68F7FFE1ED4E5157204A83619C4B89", "href": "https://support.apple.com/kb/HT213346", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-09T15:14:47", "description": "# About the security content of macOS Monterey 12.5\n\nThis document describes the security content of macOS Monterey 12.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.5\n\nReleased July 20, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-42858: ABC Research s.r.o.\n\nEntry added May 11, 2023\n\n**APFS**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32880: Wojciech Regu\u0142a (@_r3ggi) of SecuRing, Mickey Jin (@patch1t) of Trend Micro, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Monterey\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**Automation**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Calendar**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**CoreMedia**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\nEntry added September 16, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Liblouis**\n\nAvailable for: macOS Monterey\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position may be able to leak sensitive information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\n**Software Update**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\n**subversion**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in subversion\n\nDescription: Multiple issues were addressed by updating subversion.\n\nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Gordon Long, Thijs Alkemade (@xnyhps) of Computest Sector 7, Adam Chester from TrustedSec, Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526 \nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added May 11, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang5472(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n**Windows Server**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user\u2019s screen\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Calendar**\n\n****We would like to acknowledge Joshua Jones for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**DiskArbitration**\n\nWe would like to acknowledge Mike Cush for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 11, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32802", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32880", "CVE-2022-32885", "CVE-2022-32910", "CVE-2022-32948", "CVE-2022-42805", "CVE-2022-42858"], "modified": "2022-07-20T00:00:00", "id": "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "href": "https://support.apple.com/kb/HT213345", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T22:03:55", "description": "# About the security content of watchOS 8.7\n\nThis document describes the security content of watchOS 8.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 8.7\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow issue was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**ICU**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Multi-Touch**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Software Update**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), and xmzyshypnc(@xmzyshypnc1)\n\nEntry added June 8, 2023\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 08, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of watchOS 8.7", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26981", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32832", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32857", "CVE-2022-32863"], "modified": "2022-07-20T00:00:00", "id": "APPLE:36D1157BC66453E0491C66ACBF433EE9", "href": "https://support.apple.com/kb/HT213340", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T22:03:57", "description": "# About the security content of tvOS 15.6\n\nThis document describes the security content of tvOS 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 15.6\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow issue was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Audio**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreMedia**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to disclosure of user information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Software Update**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), and xmzyshypnc(@xmzyshypnc1)\n\nEntry added June 8, 2023\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 08, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of tvOS 15.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26981", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32839", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32857", "CVE-2022-32863"], "modified": "2022-07-20T00:00:00", "id": "APPLE:525A1C81291F8006179082509655B7D2", "href": "https://support.apple.com/kb/HT213342", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2022-07-05T11:54:40", "description": "While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.\n\nChrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in [separate ](<https://chromereleases.googleblog.com/>)[blog posts](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.\n\nThe vulnerability, tracked as [CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) and reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1**, **is described as a buffer overflow, \u201cwhere the buffer that can be overwritten is allocated in the heap portion of memory,\u201d according to the vulnerability\u2019s [listing](<https://cwe.mitre.org/data/definitions/122.html>) on the Common Weakness Enumeration (CWE) website.\n\nAs per usual, Google did not reveal specific details about the bug, as it generally waits until most have updated to the patched version of the affected product. Indeed, updating is strongly recommended, as exploits for the vulnerability already exist in the wild, Google said.\n\nMoreover, with scant details revealed about the flaw\u2014a habit of Google\u2019s that many security researchers find frustrating\u2014at this point an update is really only way to defend against attacks exploiting the flaw. Fortunately, Google Chrome updates are pushed out without user intervention, so most users will be protected once patches are available.\n\nBuffer overflows generally lead to crashes or other attacks that make the affected program unavailable including putting the program into an infinite loop, according to the CWE listing. Attackers can take advantage of the situation by using the crash to execute arbitrary code typically outside of the scope of the program\u2019s security policy.\n\n\u201cBesides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\u2019s code,\u201d according to the listing. \u201cEven in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.\u201d\n\n## **Other Fixes**\n\nIn addition to fixing the zero-day buffer overflow flaw, the Chrome releases also patch a type confusion flaw in the V8 JavaScript engine tracked as [CVE-2022-2295](<https://security-tracker.debian.org/tracker/CVE-2022-2295>) and reported June 16 by researchers \u201cavaue\u201d and \u201cBuff3tts\u201d at S.S.L., according to the post.\n\nThis is the third such flaw in the open-source engine used by Chrome and Chromium-based web browsers patched this year alone. In March a separate type-confusion issue in the V8 JavaScript engine tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>) from Google.\n\nThen in April, the company patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), another type confusion flaw affecting Chrome\u2019s use of V8 on which attackers already had pounced.\n\nAnother flaw patched in Monday\u2019s Chrome update is a use-after-free flaw in Chrome OS Shell reported by Khalil Zhani on May 19 and tracked as [CVE-2022-2296](<https://cve.report/CVE-2022-2296>), according to Google. All of the flaws patched in this week\u2019s update received a rating of high. The updates also includes several fixes from internal audits, fuzzing and other initiatives, Google said.\n\nPrior to patching the Chrome V8 JavaScript engine flaws in March and April, Google in February already had patched a zero-day use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that [was under active attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T11:54:21", "type": "threatpost", "title": "Google Patches Actively Exploited Chrome Bug", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-05T11:54:21", "id": "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "href": "https://threatpost.com/actively-exploited-chrome-bug/180118/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T14:52:00", "description": "Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.\n\nThe bug, tracked as [CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>) and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d according to [the advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) posted by Google.\n\nGoogle credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19. The advisory also unveiled 10 other patches for various other Chrome issues.\n\nIntents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, [according to Branch](<https://branch.io/glossary/chrome-intents/>), a company that offers various linking options for mobile applications.\n\n\u201cInstead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,\u201d the company explained on its website. Intent \u201cadds complexity\u201d but \u201cautomatically handles the case of the mobile app not being installed\u201d within links, according to the post.\n\nInsufficient validation is associated with input validation, a frequently-used technique for checking potentially dangerous inputs to ensure that they are safe for processing within the code, or when communicating with other components, [according to MITRE\u2019s Common Weakness Enumeration site](<https://cwe.mitre.org/data/definitions/20.html>).\n\n\u201cWhen software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application,\u201d according to a post on the site. \u201cThis will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.\u201d\n\n**Fending Off Exploits**\n\nAs is typical, Google did not disclose specific details of the bug until it is widely patched to avoid threat actors taking further advantage of it, a strategy that one security professional noted is a wise one.\n\n\u201cPublicizing details on an actively exploited zero-day vulnerability just as a patch becomes available could have dire consequences, because it takes time to roll out security updates to vulnerable systems and attackers are champing at the bit to exploit these types of flaws,\u201d observed Satnam Narang, senior staff research engineer at cybersecurity firm [Tenable,](<https://www.tenable.com/>) in an email to Threatpost.\n\n** **Holding back info is also sound given that other Linux distributions and browsers, such as Microsoft Edge, also include code based on Google\u2019s Chromium Project. These all could be affected if an exploit for a vulnerability is released, he said.\n\n\u201cIt is extremely valuable for defenders to have that buffer,\u201d Narang added.\n\nWhile the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as [CVE-2022-2852](<https://vulners.com/cve/CVE-2022-2852>), a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8. FedCM\u2014short for the Federated Credential Management API\u2013provides a use-case-specific abstraction for federated identity flows on the web, [according to Google](<https://developer.chrome.com/docs/privacy-sandbox/fedcm/>).\n\n**Fifth Chrome 0Day Patch So Far**\n\nThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.\n\nIn July, the company fixed an [actively exploited heap buffer overflow flaw](<https://threatpost.com/actively-exploited-chrome-bug/180118/>) tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) in WebRTC, the engine that gives Chrome its real-time communications capability, while in May it was a separate buffer overflow flaw tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) and under active attack that got slapped with a patch.\n\nIn April, Google patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), a type confusion flaw affecting Chrome\u2019s use of the V8 JavaScript engine on which attackers already had pounced. The previous month a separate type-confusion issue in V8 tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack also [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>).\n\nFebruary saw a fix for the first of this year\u2019s Chrome zero-days, a use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that already [was under attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>). Later [it was revealed](<https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/>) that North Korean hackers were exploiting the flaw weeks before it was discovered and patched.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T14:31:38", "type": "threatpost", "title": "Google Patches Chrome\u201
About the security content of Safari 15.6
