Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)

2022-05-19T00:00:00

Description

The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213259 advisory. - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717) - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711) - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2022-26751) - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. (CVE-2022-26773) - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "ITUNES_12_12_4_BANNER.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213259 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-05-19T00:00:00", "modified": "2023-03-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/161375", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26717", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26773", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26711", "https://support.apple.com/en-us/HT213259", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26774", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26751"], "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "immutableFields": [], "lastseen": "2023-03-25T04:41:34", "viewCount": 25, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7704"]}, {"type": "apple", "idList": ["APPLE:38D159D6E779C73F1BC2E5DC6FAE972E", "APPLE:63081AE5B69AA7BDB8335C6FB30CCAE2", "APPLE:63CA0F4232480C58A7826938831F5D5B", "APPLE:7EEA575A8CC6E987A9540E9F4D3D8C7F", "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "APPLE:A95E7412240FFF6EACC98CE0311A5EE5", "APPLE:DCF97E625A2F1F327AB03D7CEBDBE265", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "cve", "idList": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5154-1:97DF0", "DEBIAN:DSA-5155-1:3DDFA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-26717"]}, {"type": "fedora", "idList": ["FEDORA:2A61830571BA", "FEDORA:94DB030B0318"]}, {"type": "gentoo", "idList": ["GLSA-202208-39"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-8054.NASL", "APPLE_IOS_155_CHECK.NBIN", "CENTOS8_RHSA-2022-7704.NASL", "DEBIAN_DSA-5154.NASL", "DEBIAN_DSA-5155.NASL", "GENTOO_GLSA-202208-39.NASL", "ITUNES_12_12_4.NASL", "MACOS_HT213255.NASL", "MACOS_HT213256.NASL", "MACOS_HT213257.NASL", "ORACLELINUX_ELSA-2022-7704.NASL", "ORACLELINUX_ELSA-2022-8054.NASL", "REDHAT-RHSA-2022-7704.NASL", "REDHAT-RHSA-2022-8054.NASL", "ROCKY_LINUX_RLSA-2022-7704.NASL", "SUSE_SU-2022-2030-1.NASL", "SUSE_SU-2022-2071-1.NASL", "SUSE_SU-2022-2072-1.NASL", "SUSE_SU-2022-2089-1.NASL", "UBUNTU_USN-5457-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-7704", "ELSA-2022-8054"]}, {"type": "osv", "idList": ["OSV:DSA-5154-1", "OSV:DSA-5155-1"]}, {"type": "redhat", "idList": ["RHSA-2022:7435", "RHSA-2022:7704", "RHSA-2022:8054", "RHSA-2022:8750", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:8938", "RHSA-2022:8964", "RHSA-2022:9040", "RHSA-2022:9047", "RHSA-2023:0408", "RHSA-2023:0470", "RHSA-2023:0542", "RHSA-2023:0631", "RHSA-2023:0709", "RHSA-2023:0795", "RHSA-2023:0918", "RHSA-2023:0934", "RHSA-2023:1174"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-26717"]}, {"type": "rocky", "idList": ["RLSA-2022:7704", "RLSA-2022:8054"]}, {"type": "suse", "idList": ["SUSE-SU-2022:2071-1", "SUSE-SU-2022:2072-1"]}, {"type": "ubuntu", "idList": ["USN-5457-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-26717"]}, {"type": "veracode", "idList": ["VERACODE:38699"]}, {"type": "zdi", "idList": ["ZDI-22-792", "ZDI-22-794"]}]}, "epss": [{"cve": "CVE-2022-26711", "epss": 0.00367, "percentile": 0.68201, "modified": "2023-03-24"}, {"cve": "CVE-2022-26717", "epss": 0.00104, "percentile": 0.41117, "modified": "2023-03-24"}, {"cve": "CVE-2022-26751", "epss": 0.00057, "percentile": 0.21564, "modified": "2023-03-24"}, {"cve": "CVE-2022-26773", "epss": 0.00054, "percentile": 0.19469, "modified": "2023-03-24"}, {"cve": "CVE-2022-26774", "epss": 0.00042, "percentile": 0.05627, "modified": "2023-03-24"}], "vulnersScore": 0.4}, "_state": {"score": 0, "dependencies": 1679719353, "epss": 1679719310}, "_internal": {"score_hash": "3dbd762ed4bda65a240c1cf419111312"}, "pluginID": "161375", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161375);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26711\",\n \"CVE-2022-26717\",\n \"CVE-2022-26751\",\n \"CVE-2022-26773\",\n \"CVE-2022-26774\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213259\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-18\");\n\n script_name(english:\"Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213259 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5,\n iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker\n may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6,\n macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213259\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26717\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26751\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar app = 'iTunes DAAP';\nvar port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nvar app_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\nvar constraints = [{'fixed_version':'12.12.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Peer-To-Peer File Sharing", "cpe": ["cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Apple iTunes version 12.12.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-26717", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-05-18T00:00:00", "vulnerabilityPublicationDate": "2022-05-16T00:00:00", "exploitableWith": []}

{"apple": [{"lastseen": "2022-10-29T05:58:53", "description": "# About the security content of iTunes 12.12.4 for Windows\n\nThis document describes the security content of iTunes 12.12.4 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.12.4 for Windows\n\nReleased May 18, 2022\n\n**AppleGraphicsControl**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**iTunes**\n\nAvailable for: Windows 10 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26774: Sai Wynn Myat (@404death)\n\n**Mobile Device Service**\n\nAvailable for: Windows 10 and later\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26773: Sai Wynn Myat (@404death)\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 18, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.12.4 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "modified": "2022-05-18T00:00:00", "id": "APPLE:38D159D6E779C73F1BC2E5DC6FAE972E", "href": "https://support.apple.com/kb/HT213259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-28T05:58:18", "description": "# About the security content of Safari 15.5\n\nThis document describes the security content of Safari 15.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 15.5\n\nReleased May 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of Safari 15.5", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719"], "modified": "2022-05-16T00:00:00", "id": "APPLE:7EEA575A8CC6E987A9540E9F4D3D8C7F", "href": "https://support.apple.com/kb/HT213260", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-16T22:04:00", "description": "# About the security content of iOS 15.5 and iPadOS 15.5\n\nThis document describes the security content of iOS 15.5 and iPadOS 15.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 15.5 and iPadOS 15.5\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)\n\nEntry updated March 16, 2023 \n\n**AppleGraphicsControl**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26744: an anonymous researcher\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOSurfaceAccelerator**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Notes**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a large input may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal\n\n**Safari Private Browsing**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Shortcuts**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-26703: Salman Syed (@slmnsd551)\n\n**TCC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: Antonio Cheong Yu Xuan of YCISCQ\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call\n\nDescription: A logic issue in the handling of concurrent media was addressed with improved state handling.\n\nWebKit Bugzilla: 237524 \nCVE-2022-22677: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2015-4142: Kostya Kortchinsky of Google Security Team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26762: Wang Yu of Cyberserval\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FileVault**\n\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.\n\nEntry added March 16, 2023 \n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**Wi-Fi**\n\nWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of iOS 15.5 and iPadOS 15.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4142", "CVE-2022-22673", "CVE-2022-22677", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26703", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26726", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26744", "CVE-2022-26745", "CVE-2022-26751", "CVE-2022-26757", "CVE-2022-26760", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32781", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:A95E7412240FFF6EACC98CE0311A5EE5", "href": "https://support.apple.com/kb/HT213258", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-06T17:11:42", "description": "# About the security content of watchOS 8.6\n\nThis document describes the security content of watchOS 8.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## watchOS 8.6\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22675: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOMobileFrameBuffer**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**IOSurfaceAccelerator**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Security**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**TCC**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry added July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: an anonymous researcher\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 06, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of watchOS 8.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22675", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26702", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26726", "CVE-2022-26745", "CVE-2022-26757", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26768", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:63081AE5B69AA7BDB8335C6FB30CCAE2", "href": "https://support.apple.com/kb/HT213253", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T21:58:26", "description": "# About the security content of tvOS 15.5\n\nThis document describes the security content of tvOS 15.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 15.5\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22675: an anonymous researcher\n\n**AuthKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A local user may be able to enable iCloud Photos without authentication\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-26724: Jorge A. Caballero (@DataDrivenMD)\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOMobileFrameBuffer**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**IOSurfaceAccelerator**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Security**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 06, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of tvOS 15.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22675", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26724", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26745", "CVE-2022-26757", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26768", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:DCF97E625A2F1F327AB03D7CEBDBE265", "href": "https://support.apple.com/kb/HT213254", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-29T05:58:59", "description": "# About the security content of macOS Monterey 12.4\n\nThis document describes the security content of macOS Monterey 12.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## macOS Monterey 12.4\n\nReleased May 16, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26772: an anonymous researcher\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2022-26741: ABC Research s.r.o\n\nCVE-2022-26742: ABC Research s.r.o\n\nCVE-2022-26749: ABC Research s.r.o\n\nCVE-2022-26750: ABC Research s.r.o\n\nCVE-2022-26752: ABC Research s.r.o\n\nCVE-2022-26753: ABC Research s.r.o\n\nCVE-2022-26754: ABC Research s.r.o\n\n**apache**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in apache\n\nDescription: Multiple issues were addressed by updating apache to version 2.4.53.\n\nCVE-2021-44224\n\nCVE-2021-44790\n\nCVE-2022-22719\n\nCVE-2022-22720\n\nCVE-2022-22721\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view sensitive user information\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-26707: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-26698: Qi Sun of Trend Micro, Ye Zhang (@co0py_Cat) of Baidu Security\n\nEntry updated July 6, 2022\n\n**AVEVideoEncoder**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**Bluetooth**\n\nAvailable for: macOS Monterey\n\nImpact: An app may gain unauthorized access to Bluetooth\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32783: Jon Thompson of Evolve (Des Moines, IA)\n\nEntry added July 6, 2022\n\n**Contacts**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**CVMS**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\n\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\n**DriverKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**FaceTime**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Photo location information may persist after it is removed with Preview Inspector\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\n**IOKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOMobileFrameBuffer**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Libinfo**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32882: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab\n\nEntry added September 16, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\n**LibreSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2022-0778\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**OpenSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-0778\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32794: Mickey Jin (@patch1t)\n\nEntry added October 4, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\nEntry added July 6, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26712: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26727: Mickey Jin (@patch1t)\n\n**Photo Booth**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32782: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**Preview**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Printing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26746: @gorelics\n\n**Safari Private Browsing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26723: Felix Poulin-Belanger\n\n**SoftwareUpdate**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26728: Mickey Jin (@patch1t)\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.\n\nCVE-2022-26704: Joshua Mason of Mandiant\n\nEntry updated July 6, 2022\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**Tcl**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\n**Terminal**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26696: Ron Waisberg, Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call\n\nDescription: A logic issue in the handling of concurrent media was addressed with improved state handling.\n\nWebKit Bugzilla: 237524 \nCVE-2022-22677: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26761: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26762: Wang Yu of Cyberserval\n\n**zip**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2022-0530\n\n**zlib**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-25032: Tavis Ormandy\n\n**zsh**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed by updating to zsh version 5.8.1.\n\nCVE-2021-45444\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge Jann Horn of Project Zero for their assistance.\n\n**Calendar**\n\nWe would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FileVault**\n\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**Photo Booth**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui) and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**Wi-Fi**\n\nWe would like to acknowledge Dana Morrison for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 04, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22617", "CVE-2022-22677", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26693", "CVE-2022-26694", "CVE-2022-26696", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26704", "CVE-2022-26706", "CVE-2022-26707", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26718", "CVE-2022-26719", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26725", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26741", "CVE-2022-26742", "CVE-2022-26743", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26749", "CVE-2022-26750", "CVE-2022-26751", "CVE-2022-26752", "CVE-2022-26753", "CVE-2022-26754", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26772", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32781", "CVE-2022-32782", "CVE-2022-32783", "CVE-2022-32790", "CVE-2022-32794", "CVE-2022-32882"], "modified": "2022-05-16T00:00:00", "id": "APPLE:E82A2A3D978FD519CBF58A36F587B070", "href": "https://support.apple.com/kb/HT213257", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-04T21:58:56", "description": "# About the security content of Security Update 2022-004 Catalina\n\nThis document describes the security content of Security Update 2022-004 Catalina.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Security Update 2022-004 Catalina\n\nReleased May 16, 2022\n\n**apache**\n\nAvailable for: macOS Catalina\n\nImpact: Multiple issues in apache\n\nDescription: Multiple issues were addressed by updating apache to version 2.4.53.\n\nCVE-2021-44224\n\nCVE-2021-44790\n\nCVE-2022-22719\n\nCVE-2022-22720\n\nCVE-2022-22721\n\n**AppKit**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2022-22665: Lockheed Martin Red Team\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-26698: Qi Sun of Trend Micro\n\n**CoreTypes**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\n**CVMS**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\n\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\n**DriverKit**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2022-22674: an anonymous researcher\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**libresolv**\n\nAvailable for: macOS Catalina\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: macOS Catalina\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\n**LibreSSL**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2022-0778\n\n**libxml2**\n\nAvailable for: macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**OpenSSL**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-0778\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32794: Mickey Jin (@patch1t)\n\nEntry added October 4, 2022\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26727: Mickey Jin (@patch1t)\n\n**Printing**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26746: @gorelics\n\n**Security**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**SMB**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SoftwareUpdate**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26728: Mickey Jin (@patch1t)\n\n**TCC**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**Tcl**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\n**WebKit**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted mail message may lead to running arbitrary javascript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26761: Wang Yu of Cyberserval\n\n**zip**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2022-0530\n\n**zlib**\n\nAvailable for: macOS Catalina\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-25032: Tavis Ormandy\n\n**zsh**\n\nAvailable for: macOS Catalina\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed by updating to zsh version 5.8.1.\n\nCVE-2021-45444\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**PackageKit**\n\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 04, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of Security Update 2022-004 Catalina", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22589", "CVE-2022-22663", "CVE-2022-22665", "CVE-2022-22674", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26751", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26763", "CVE-2022-26766", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26775", "CVE-2022-32790", "CVE-2022-32794"], "modified": "2022-05-16T00:00:00", "id": "APPLE:63CA0F4232480C58A7826938831F5D5B", "href": "https://support.apple.com/kb/HT213255", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-04T21:58:55", "description": "# About the security content of macOS Big Sur 11.6.6\n\nThis document describes the security content of macOS Big Sur 11.6.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## macOS Big Sur 11.6.6\n\nReleased May 16, 2022\n\n**apache**\n\nAvailable for: macOS Big Sur\n\nImpact: Multiple issues in apache\n\nDescription: Multiple issues were addressed by updating apache to version 2.4.53.\n\nCVE-2021-44224\n\nCVE-2021-44790\n\nCVE-2022-22719\n\nCVE-2022-22720\n\nCVE-2022-22721\n\n**AppKit**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2022-22665: Lockheed Martin Red Team\n\n**AppleAVD**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22675: an anonymous researcher\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-26698: Qi Sun of Trend Micro, Ye Zhang (@co0py_Cat) of Baidu Security\n\nEntry updated July 6, 2022\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\n**CoreTypes**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\n**CVMS**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\n\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\n**DriverKit**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Graphics Drivers**\n\nAvailable for: macOS Big Sur\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2022-22674: an anonymous researcher\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative\n\n**IOMobileFrameBuffer**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**LaunchServices**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**LaunchServices**\n\nAvailable for: macOS Big Sur\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**Libinfo**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32882: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab\n\nEntry added September 16, 2022\n\n**libresolv**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: macOS Big Sur\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team\n\n**LibreSSL**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2022-0778\n\n**libxml2**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**OpenSSL**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-0778\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32794: Mickey Jin (@patch1t)\n\nEntry added October 4, 2022\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26712: Mickey Jin (@patch1t)\n\n**Printing**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26746: @gorelics\n\n**Safari Private Browsing**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\nEntry added July 6, 2022\n\n**Security**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**SMB**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Big Sur\n\nImpact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26723: Felix Poulin-Belanger\n\n**SMB**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SoftwareUpdate**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26728: Mickey Jin (@patch1t)\n\n**TCC**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**Tcl**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\n**Vim**\n\nAvailable for: macOS Big Sur\n\nImpact: Multiple issues in Vim\n\nDescription: Multiple issues were addressed by updating Vim.\n\nCVE-2021-4136\n\nCVE-2021-4166\n\nCVE-2021-4173\n\nCVE-2021-4187\n\nCVE-2021-4192\n\nCVE-2021-4193\n\nCVE-2021-46059\n\nCVE-2022-0128\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted mail message may lead to running arbitrary javascript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Wi-Fi**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26761: Wang Yu of Cyberserval\n\n**zip**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2022-0530\n\n**zlib**\n\nAvailable for: macOS Big Sur\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-25032: Tavis Ormandy\n\n**zsh**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed by updating to zsh version 5.8.1.\n\nCVE-2021-45444\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Jann Horn of Project Zero for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 04, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.6.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2021-46059", "CVE-2022-0128", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22589", "CVE-2022-22663", "CVE-2022-22665", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26706", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26718", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26726", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26751", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26763", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26776", "CVE-2022-32790", "CVE-2022-32794", "CVE-2022-32882"], "modified": "2022-05-16T00:00:00", "id": "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "href": "https://support.apple.com/kb/HT213256", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-26T00:37:07", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213259 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.12.4 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*"], "id": "ITUNES_12_12_4.NASL", "href": "https://www.tenable.com/plugins/nessus/161376", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161376);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26711\",\n \"CVE-2022-26717\",\n \"CVE-2022-26751\",\n \"CVE-2022-26773\",\n \"CVE-2022-26774\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213259\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-18\");\n\n script_name(english:\"Apple iTunes < 12.12.4 Multiple Vulnerabilities (credentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213259 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5,\n iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker\n may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6,\n macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213259\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26717\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26751\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);\nvar constraints = [{'fixed_version':'12.12.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-25T04:43:02", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5457-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 / 22.04 LTS : WebKitGTK vulnerabilities (USN-5457-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-webkit2-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:webkit2gtk-driver:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:22.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-webkit2-4.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev:*:*:*:*:*:*:*"], "id": "UBUNTU_USN-5457-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161750", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5457-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161750);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\"\n );\n script_xref(name:\"USN\", value:\"5457-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 / 22.04 LTS : WebKitGTK vulnerabilities (USN-5457-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5457-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5457-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '21.10', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-15T08:32:53", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2030-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2030-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk-4_0-injected-bundles:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk3-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libjavascriptcoregtk-4_0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk-4_0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk3-lang:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-javascriptcore-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2030-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162007", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2030-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162007);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2030-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2030-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2030-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011254.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8093dbd0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:50:13", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2072-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2072-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2072-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162244", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2072-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162244);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2072-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2072-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2072-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011284.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a63466a1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.3-150200.35.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.3-150200.35.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit-jsc-4-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-minibrowser-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:51:03", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2071-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2071-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2071-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162241", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2071-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162241);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2071-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2071-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2071-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011283.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?823dde58\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4.1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-5.0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T16:24:47", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2089-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2089-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk-4_0-injected-bundles:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk3-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libjavascriptcoregtk-4_0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk-4_0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk3-lang:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-javascriptcore-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2089-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162310", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2089-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162310);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2089-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2089-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2089-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011295.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80ab998d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-25T08:08:47", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5154 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "Debian DSA-5154-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:gir1.2-webkit2-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libjavascriptcoregtk-4.0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libjavascriptcoregtk-4.0-bin:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libjavascriptcoregtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwebkit2gtk-4.0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwebkit2gtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwebkit2gtk-4.0-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:webkit2gtk-driver:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5154.NASL", "href": "https://www.tenable.com/plugins/nessus/161747", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5154. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161747);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\"\n );\n\n script_name(english:\"Debian DSA-5154-1 : webkit2gtk - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5154 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-30294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.3-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.3-1~deb10u1'},\n {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.3-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-25T18:51:26", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5155 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "Debian DSA-5155-1 : wpewebkit - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwpewebkit-1.0-3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwpewebkit-1.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libwpewebkit-1.0-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:wpewebkit-driver:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5155.NASL", "href": "https://www.tenable.com/plugins/nessus/161751", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5155. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161751);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\"\n );\n\n script_name(english:\"Debian DSA-5155-1 : wpewebkit - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5155 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/wpewebkit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-30294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/wpewebkit\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the wpewebkit packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.3-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpewebkit-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-3', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-dev', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-doc', 'reference': '2.36.3-1~deb11u1'},\n {'release': '11.0', 'prefix': 'wpewebkit-driver', 'reference': '2.36.3-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwpewebkit-1.0-3 / libwpewebkit-1.0-dev / libwpewebkit-1.0-doc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T23:00:42", "description": "The version of Apple iOS running on the mobile device is prior to 15.5. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)\n\n - A vulnerability in WebKit may lead to code execution when processing malicious web content due to a memory corruption issue. (CVE-2022-26700)\n\n - A vulnerability in AppleGraphicsControl that may lead to code execution when processing malicious images due to a memory corruption issue. (CVE-2022-26751:)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Apple iOS < 15.5 Multiple Vulnerabilities (HT213258)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4142", "CVE-2022-22673", "CVE-2022-22677", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26703", "CVE-2022-26706", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26744", "CVE-2022-26745", "CVE-2022-26751", "CVE-2022-26757", "CVE-2022-26760", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26771"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_155_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/161384", "sourceData": "Binary data apple_ios_155_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T22:37:11", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:webkit2gtk3", "p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167812", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167812);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7704\");\n\n script_name(english:\"Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-debuginfo / webkit2gtk3-debugsource / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T03:58:52", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : webkit2gtk3 (RHSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/167607", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8054. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167607);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8054\");\n\n script_name(english:\"RHEL 9 : webkit2gtk3 (RHSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-12T15:08:48", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:glib2", "p-cpe:/a:oracle:linux:glib2-devel", "p-cpe:/a:oracle:linux:glib2-doc", "p-cpe:/a:oracle:linux:glib2-fam", "p-cpe:/a:oracle:linux:glib2-static", "p-cpe:/a:oracle:linux:glib2-tests", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167533", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167533);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/15\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7704.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-159.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glib2 / glib2-devel / glib2-doc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T10:37:20", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168097", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168097);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/22\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T06:46:37", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-19T00:00:00", "cpe": ["p-cpe:/a:alma:linux:webkit2gtk3", "p-cpe:/a:alma:linux:webkit2gtk3-devel", "p-cpe:/a:alma:linux:webkit2gtk3-jsc", "p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168001", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168001);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/19\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8054\");\n\n script_name(english:\"AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1173, 120, 200, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T03:58:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "CentOS 8 : webkit2gtk3 (CESA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:webkit2gtk3", "p-cpe:/a:centos:centos:webkit2gtk3-devel", "p-cpe:/a:centos:centos:webkit2gtk3-jsc", "p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel"], "id": "CENTOS8_RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167122", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167122);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"CentOS 8 : webkit2gtk3 (CESA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-12T10:47:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : webkit2gtk3 (RHSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167169", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167169);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"RHEL 8 : webkit2gtk3 (RHSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:24:04", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.4 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2018-25032)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser. (CVE-2021-44790)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-45444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-20T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.4 (HT213257)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22677", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26693", "CVE-2022-26694", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26704", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26718", "CVE-2022-26719", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26725", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26741", "CVE-2022-26742", "CVE-2022-26743", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26749", "CVE-2022-26750", "CVE-2022-26751", "CVE-2022-26752", "CVE-2022-26753", "CVE-2022-26754", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26772", "CVE-2022-26775", "CVE-2022-26776"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213257.NASL", "href": "https://www.tenable.com/plugins/nessus/161410", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161410);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2021-45444\",\n \"CVE-2022-0530\",\n \"CVE-2022-0778\",\n \"CVE-2022-22677\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23308\",\n \"CVE-2022-26693\",\n \"CVE-2022-26694\",\n \"CVE-2022-26697\",\n \"CVE-2022-26698\",\n \"CVE-2022-26700\",\n \"CVE-2022-26701\",\n \"CVE-2022-26704\",\n \"CVE-2022-26706\",\n \"CVE-2022-26708\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26711\",\n \"CVE-2022-26712\",\n \"CVE-2022-26714\",\n \"CVE-2022-26715\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26718\",\n \"CVE-2022-26719\",\n \"CVE-2022-26720\",\n \"CVE-2022-26721\",\n \"CVE-2022-26722\",\n \"CVE-2022-26723\",\n \"CVE-2022-26725\",\n \"CVE-2022-26726\",\n \"CVE-2022-26727\",\n \"CVE-2022-26728\",\n \"CVE-2022-26731\",\n \"CVE-2022-26736\",\n \"CVE-2022-26737\",\n \"CVE-2022-26738\",\n \"CVE-2022-26739\",\n \"CVE-2022-26740\",\n \"CVE-2022-26741\",\n \"CVE-2022-26742\",\n \"CVE-2022-26743\",\n \"CVE-2022-26745\",\n \"CVE-2022-26746\",\n \"CVE-2022-26748\",\n \"CVE-2022-26749\",\n \"CVE-2022-26750\",\n \"CVE-2022-26751\",\n \"CVE-2022-26752\",\n \"CVE-2022-26753\",\n \"CVE-2022-26754\",\n \"CVE-2022-26755\",\n \"CVE-2022-26756\",\n \"CVE-2022-26757\",\n \"CVE-2022-26761\",\n \"CVE-2022-26762\",\n \"CVE-2022-26763\",\n \"CVE-2022-26764\",\n \"CVE-2022-26765\",\n \"CVE-2022-26766\",\n \"CVE-2022-26767\",\n \"CVE-2022-26768\",\n \"CVE-2022-26769\",\n \"CVE-2022-26770\",\n \"CVE-2022-26772\",\n \"CVE-2022-26775\",\n \"CVE-2022-26776\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213257\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-16-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n\n script_name(english:\"macOS 12.x < 12.4 (HT213257)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.4 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2018-25032)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser. (CVE-2021-44790)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-45444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213257\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26772\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26776\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.4', \n 'fixed_display': 'macOS Monterey 12.4'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-06T12:29:08", "description": "The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-39.NASL", "href": "https://www.tenable.com/plugins/nessus/164535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-39.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/31\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-22589\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22620\",\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\",\n \"CVE-2022-32784\",\n \"CVE-2022-32792\",\n \"CVE-2022-32893\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/02/25\");\n\n script_name(english:\"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a\n duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS\n 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content\n may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively\n exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=839984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=856445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866494\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.36.7\", \"lt 2.0.0\"),\n 'vulnerable' : make_list(\"lt 2.36.7\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T23:00:42", "description": "The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-004.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.\n (CVE-2021-45444)\n\n - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2022-0530)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. (CVE-2022-22665)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-20T00:00:00", "type": "nessus", "title": "macOS 10.15.x < Catalina Security Update 2022-004 Catalina (HT213255)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22589", "CVE-2022-22663", "CVE-2022-22665", "CVE-2022-22674", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26751", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26763", "CVE-2022-26766", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26775"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213255.NASL", "href": "https://www.tenable.com/plugins/nessus/161402", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161402);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2021-45444\",\n \"CVE-2022-0530\",\n \"CVE-2022-0778\",\n \"CVE-2022-22589\",\n \"CVE-2022-22663\",\n \"CVE-2022-22665\",\n \"CVE-2022-22674\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23308\",\n \"CVE-2022-26697\",\n \"CVE-2022-26698\",\n \"CVE-2022-26714\",\n \"CVE-2022-26715\",\n \"CVE-2022-26720\",\n \"CVE-2022-26721\",\n \"CVE-2022-26722\",\n \"CVE-2022-26726\",\n \"CVE-2022-26727\",\n \"CVE-2022-26728\",\n \"CVE-2022-26746\",\n \"CVE-2022-26748\",\n \"CVE-2022-26751\",\n \"CVE-2022-26755\",\n \"CVE-2022-26756\",\n \"CVE-2022-26757\",\n \"CVE-2022-26761\",\n \"CVE-2022-26763\",\n \"CVE-2022-26766\",\n \"CVE-2022-26769\",\n \"CVE-2022-26770\",\n \"CVE-2022-26775\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213255\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-16-4\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n script_xref(name:\"IAVA\", value:\"2022-A-0212-S\");\n\n script_name(english:\"macOS 10.15.x < Catalina Security Update 2022-004 Catalina (HT213255)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-004.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many\n distant matches. (CVE-2018-25032)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the\n prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.\n (CVE-2021-45444)\n\n - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local\n string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially\n crafted zip file, leading to a crash or code execution. (CVE-2022-0530)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A\n malicious application may be able to gain root privileges. (CVE-2022-22665)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213255\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.x Catalina Security Update 2022-004 Catalina or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26770\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26775\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\n\nvar constraints = [\n {\n 'max_version' : '10.15.7',\n 'min_version' : '10.15',\n 'fixed_build' : '19H1922',\n 'fixed_display' : 'Catalina Security Update 2022-004'\n }\n];\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:23:43", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.6 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - A logic issue in AppKit that may allow a malicious application to gain root privileges. (CVE-2022-22665)\n\n - A logic issue in Apache HTTP Server where it fails to close an inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. (CVE-2022-22720)\n\n - A buffer overflow issue in the mod_lua component of Apache HTTP Server. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-20T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.6.6 Multiple Vulnerabilities (HT213256)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2021-46059", "CVE-2022-0128", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22589", "CVE-2022-22663", "CVE-2022-22665", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26706", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26718", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26726", "CVE-2022-26728", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26751", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26763", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26776"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213256.NASL", "href": "https://www.tenable.com/plugins/nessus/161395", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161395);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2021-4136\",\n \"CVE-2021-4166\",\n \"CVE-2021-4173\",\n \"CVE-2021-4187\",\n \"CVE-2021-4192\",\n \"CVE-2021-4193\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2021-45444\",\n \"CVE-2021-46059\",\n \"CVE-2022-0128\",\n \"CVE-2022-0530\",\n \"CVE-2022-0778\",\n \"CVE-2022-22589\",\n \"CVE-2022-22663\",\n \"CVE-2022-22665\",\n \"CVE-2022-22674\",\n \"CVE-2022-22675\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23308\",\n \"CVE-2022-26697\",\n \"CVE-2022-26698\",\n \"CVE-2022-26706\",\n \"CVE-2022-26712\",\n \"CVE-2022-26714\",\n \"CVE-2022-26715\",\n \"CVE-2022-26718\",\n \"CVE-2022-26720\",\n \"CVE-2022-26721\",\n \"CVE-2022-26722\",\n \"CVE-2022-26723\",\n \"CVE-2022-26726\",\n \"CVE-2022-26728\",\n \"CVE-2022-26745\",\n \"CVE-2022-26746\",\n \"CVE-2022-26748\",\n \"CVE-2022-26751\",\n \"CVE-2022-26755\",\n \"CVE-2022-26756\",\n \"CVE-2022-26757\",\n \"CVE-2022-26761\",\n \"CVE-2022-26763\",\n \"CVE-2022-26766\",\n \"CVE-2022-26767\",\n \"CVE-2022-26768\",\n \"CVE-2022-26769\",\n \"CVE-2022-26770\",\n \"CVE-2022-26776\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"APPLE-SA\", value:\"HT213256\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n\n script_name(english:\"macOS 11.x < 11.6.6 Multiple Vulnerabilities (HT213256)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.6 Big Sur. It is, therefore,\naffected by multiple vulnerabilities including the following:\n\n - A logic issue in AppKit that may allow a malicious application to gain root privileges. (CVE-2022-22665)\n\n - A logic issue in Apache HTTP Server where it fails to close an inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling. (CVE-2022-22720)\n\n - A buffer overflow issue in the mod_lua component of Apache HTTP Server. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213256\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.6.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26770\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26776\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.6.6', 'fixed_display' : 'macOS Big Sur 11.6.6' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:18:05", "description": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T20:15:00", "type": "cve", "title": "CVE-2022-26774", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26774"], "modified": "2022-06-07T21:08:00", "cpe": [], "id": "CVE-2022-26774", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26774", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:18:06", "description": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-05-26T20:15:00", "type": "cve", "title": "CVE-2022-26773", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26773"], "modified": "2022-06-07T21:09:00", "cpe": [], "id": "CVE-2022-26773", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26773", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:17:57", "description": "An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T19:15:00", "type": "cve", "title": "CVE-2022-26711", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711"], "modified": "2022-06-07T21:15:00", "cpe": [], "id": "CVE-2022-26711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26711", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:18:02", "description": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-26T20:15:00", "type": "cve", "title": "CVE-2022-26751", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26751"], "modified": "2022-06-07T19:49:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-26751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26751", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:17:58", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-26717", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-26717"], "modified": "2022-11-03T13:14:00", "cpe": [], "id": "CVE-2022-26717", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26717", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "zdi": [{"lastseen": "2022-06-07T23:10:34", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of WebP images in the ImageIO framework. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T00:00:00", "type": "zdi", "title": "Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711"], "modified": "2022-05-26T00:00:00", "id": "ZDI-22-792", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-792/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-07T23:10:32", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of HEIC files in the VTDecoderXPCService process. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current user.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-26T00:00:00", "type": "zdi", "title": "Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26751"], "modified": "2022-05-26T00:00:00", "id": "ZDI-22-794", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-794/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-01-05T00:33:25", "description": "webkitgtk is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution due to improper input validation, which allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-31T00:46:05", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-26717"], "modified": "2023-01-04T07:22:14", "id": "VERACODE:38699", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38699/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-03-08T23:17:08", "description": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-07T02:29:18", "type": "redhatcve", "title": "CVE-2022-26717", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-26717"], "modified": "2023-03-08T21:32:29", "id": "RH:CVE-2022-26717", "href": "https://access.redhat.com/security/cve/cve-2022-26717", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-01-27T13:19:55", "description": "A use after free issue was addressed with improved memory management. This\nissue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS\nMonterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing\nmaliciously crafted web content may lead to arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-30T00:00:00", "type": "ubuntucve", "title": "CVE-2022-26717", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-26717"], "modified": "2022-05-30T00:00:00", "id": "UB:CVE-2022-26717", "href": "https://ubuntu.com/security/CVE-2022-26717", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-03-28T06:11:48", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "debiancve", "title": "CVE-2022-26717", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-26717"], "modified": "2022-11-01T20:15:00", "id": "DEBIANCVE:CVE-2022-26717", "href": "https://security-tracker.debian.org/tracker/CVE-2022-26717", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2022-09-28T00:19:01", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-05T01:13:31", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: webkit2gtk3-2.36.3-1.fc36", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717"], "modified": "2022-06-05T01:13:31", "id": "FEDORA:94DB030B0318", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CRJHWXU3ERHLFYRGTYF44QVE7JV7LKRS/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-28T00:19:01", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T01:45:03", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: webkit2gtk3-2.36.3-1.fc35", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717"], "modified": "2022-06-18T01:45:03", "id": "FEDORA:2A61830571BA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RVMGE5ECOM25U4DHCDYLQAG7CUQWGA6M/", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-01-26T15:12:28", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nA large number of security issues were discovered in the WebKitGTK Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719"], "modified": "2022-06-01T00:00:00", "id": "USN-5457-1", "href": "https://ubuntu.com/security/notices/USN-5457-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-09-28T00:06:51", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n Update to version 2.36.3 (bsc#1200106)\n\n - CVE-2022-30293: Fixed heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).\n - CVE-2022-26700: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26709: Fixed use after free issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26716: Fixed use after free issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26717: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26719: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2072=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2072=1\n\n - SUSE Manager Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2072=1\n\n - SUSE Manager Retail Branch Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2072=1\n\n - SUSE Manager Proxy 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2072=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP2:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2072=1\n\n - SUSE Linux Enterprise Server 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2072=1\n\n - SUSE Linux Enterprise Server 15-SP2-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2072=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2072=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2072=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2072=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2072=1\n\n - SUSE Enterprise Storage 7:\n\n zypper in -t patch SUSE-Storage-7-2022-2072=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-06-14T00:00:00", "id": "SUSE-SU-2022:2072-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BIXOIOW5LYPLN3YGZMD6STOS3NGLD42Z/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-28T00:06:51", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n Update to version 2.36.3 (bsc#1200106)\n\n - CVE-2022-30293: Fixed heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).\n - CVE-2022-26700: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26709: Fixed use after free issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26716: Fixed use after free issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26717: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n - CVE-2022-26719: Fixed memory corruption issue that may lead to code\n execution when processing maliciously crafted web content (bsc#1200106).\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2071=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2071=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2071=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2071=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-06-14T00:00:00", "id": "SUSE-SU-2022:2071-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/COANCBOGETMF36EMNYZCSDGRKNKPCIMF/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:21:00", "description": "\nThe following vulnerabilities have been discovered in the WPE WebKit\nweb engine:\n\n\n* [CVE-2022-26700](https://security-tracker.debian.org/tracker/CVE-2022-26700)\nryuzaki discovered that processing maliciously crafted web content\n may lead to code execution.\n* [CVE-2022-26709](https://security-tracker.debian.org/tracker/CVE-2022-26709)\nChijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26716](https://security-tracker.debian.org/tracker/CVE-2022-26716)\nSorryMybad discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26717](https://security-tracker.debian.org/tracker/CVE-2022-26717)\nJeonghoon Shin discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26719](https://security-tracker.debian.org/tracker/CVE-2022-26719)\nDongzhuo Zhao discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-30293](https://security-tracker.debian.org/tracker/CVE-2022-30293)\nChijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.3-1~deb11u1.\n\n\nWe recommend that you upgrade your wpewebkit packages.\n\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/wpewebkit](https://security-tracker.debian.org/tracker/wpewebkit)\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "osv", "title": "wpewebkit - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26719", "CVE-2022-26709", "CVE-2022-30293", "CVE-2022-26717", "CVE-2022-26700", "CVE-2022-26716"], "modified": "2022-08-10T07:20:55", "id": "OSV:DSA-5155-1", "href": "https://osv.dev/vulnerability/DSA-5155-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:21:00", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-26700](https://security-tracker.debian.org/tracker/CVE-2022-26700)\nryuzaki discovered that processing maliciously crafted web content\n may lead to code execution.\n* [CVE-2022-26709](https://security-tracker.debian.org/tracker/CVE-2022-26709)\nChijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26716](https://security-tracker.debian.org/tracker/CVE-2022-26716)\nSorryMybad discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26717](https://security-tracker.debian.org/tracker/CVE-2022-26717)\nJeonghoon Shin discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-26719](https://security-tracker.debian.org/tracker/CVE-2022-26719)\nDongzhuo Zhao discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2022-30293](https://security-tracker.debian.org/tracker/CVE-2022-30293)\nChijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.36.3-1~deb10u1.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.3-1~deb11u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26719", "CVE-2022-26709", "CVE-2022-30293", "CVE-2022-26717", "CVE-2022-26700", "CVE-2022-26716"], "modified": "2022-08-10T07:20:55", "id": "OSV:DSA-5154-1", "href": "https://osv.dev/vulnerability/DSA-5154-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-01-21T22:41:17", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5154-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nJune 01, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717\n CVE-2022-26719 CVE-2022-30293 CVE-2022-30294\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-26700\n\n ryuzaki discovered that processing maliciously crafted web content\n may lead to code execution.\n\nCVE-2022-26709\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26716\n\n SorryMybad discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26717\n\n Jeonghoon Shin discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26719\n\n Dongzhuo Zhao discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-30293\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\nCVE-2022-30294\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.36.3-1~deb10u1.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.3-1~deb11u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-31T23:38:05", "type": "debian", "title": "[SECURITY] [DSA 5154-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294"], "modified": "2022-05-31T23:38:05", "id": "DEBIAN:DSA-5154-1:97DF0", "href": "https://lists.debian.org/debian-security-announce/2022/msg00122.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-21T22:41:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5155-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nJune 01, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpewebkit\nCVE ID : CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717\n CVE-2022-26719 CVE-2022-30293 CVE-2022-30294\n\nThe following vulnerabilities have been discovered in the WPE WebKit\nweb engine:\n\nCVE-2022-26700\n\n ryuzaki discovered that processing maliciously crafted web content\n may lead to code execution.\n\nCVE-2022-26709\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26716\n\n SorryMybad discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26717\n\n Jeonghoon Shin discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-26719\n\n Dongzhuo Zhao discovered that Processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2022-30293\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\nCVE-2022-30294\n\n Chijin Zhou discovered that processing maliciously crafted web\n content may lead to arbitrary code execution or to a denial of\n service (application crash).\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.3-1~deb11u1.\n\nWe recommend that you upgrade your wpewebkit packages.\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpewebkit\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-31T23:39:09", "type": "debian", "title": "[SECURITY] [DSA 5155-1] wpewebkit security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294"], "modified": "2022-05-31T23:39:09", "id": "DEBIAN:DSA-5155-1:3DDFA", "href": "https://lists.debian.org/debian-security-announce/2022/msg00123.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2022-11-15T15:26:08", "description": "glib2\n[2.56.4-159.0.1]\n- Rebuild with python 36 [Orabug: 34701176]\n[2.56.4-159]\n- Add --interface-info-[body|header] modes to gdbus-codegen\n- Related: #2061994\nwebkit2gtk3", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7704", "href": "http://linux.oracle.com/errata/ELSA-2022-7704.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-22T10:47:42", "description": " ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "oraclelinux", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-22T00:00:00", "id": "ELSA-2022-8054", "href": "http://linux.oracle.com/errata/ELSA-2022-8054.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-02-02T17:07:27", "description": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nWebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:46", "type": "rocky", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T06:26:46", "id": "RLSA-2022:7704", "href": "https://errata.rockylinux.org/RLSA-2022:7704", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T17:07:13", "description": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nWebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T06:14:22", "type": "rocky", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T06:14:22", "id": "RLSA-2022:8054", "href": "https://errata.rockylinux.org/RLSA-2022:8054", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2022-11-15T10:06:25", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T06:14:22", "type": "redhat", "title": "(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T08:05:02", "id": "RHSA-2022:8054", "href": "https://access.redhat.com/errata/RHSA-2022:8054", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T08:46:30", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:46", "type": "redhat", "title": "(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T07:49:12", "id": "RHSA-2022:7704", "href": "https://access.redhat.com/errata/RHSA-2022:7704", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T02:13:35", "description": "Service Binding manages the data plane for applications and backing services.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-27T00:54:13", "type": "redhat", "title": "(RHSA-2023:0918) Moderate: Service Binding Operator security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-42898", "CVE-2022-47629"], "modified": "2023-02-27T00:54:29", "id": "RHSA-2023:0918", "href": "https://access.redhat.com/errata/RHSA-2023:0918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-13T18:11:18", "description": "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T13:57:18", "type": "redhat", "title": "(RHSA-2022:8964) Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-37434", "CVE-2022-3782", "CVE-2022-3916", "CVE-2022-42898"], "modified": "2022-12-13T13:57:35", "id": "RHSA-2022:8964", "href": "https://access.redhat.com/errata/RHSA-2022:8964", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-16T12:06:26", "description": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T10:51:23", "type": "redhat", "title": "(RHSA-2022:7435) Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36518", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-11-16T10:51:42", "id": "RHSA-2022:7435", "href": "https://access.redhat.com/errata/RHSA-2022:7435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-15T22:12:55", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T20:03:23", "type": "redhat", "title": "(RHSA-2023:0795) Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-15T20:43:54", "id": "RHSA-2023:0795", "href": "https://access.redhat.com/errata/RHSA-2023:0795", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T10:12:25", "description": "Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2023-02-09T09:50:26", "type": "redhat", "title": "(RHSA-2023:0709) Moderate: Release of OpenShift Serverless 1.27.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-02-09T09:50:54", "id": "RHSA-2023:0709", "href": "https://access.redhat.com/errata/RHSA-2023:0709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-13T02:22:53", "description": "Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in\nthe References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T02:09:25", "type": "redhat", "title": "(RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-43565", "CVE-2022-1304", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27191", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-39399"], "modified": "2022-12-13T02:09:38", "id": "RHSA-2022:8938", "href": "https://access.redhat.com/errata/RHSA-2022:8938", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-07T18:35:40", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker CRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests (ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-07T16:35:37", "type": "redhat", "title": "(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 - bug fix and security updates", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-07T16:35:58", "id": "RHSA-2023:0631", "href": "https://access.redhat.com/errata/RHSA-2023:0631", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T12:11:39", "description": "Security Fix(es):\n\n* mtr-web-container: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-26T11:33:15", "type": "redhat", "title": "(RHSA-2023:0470) Important: Migration Toolkit for Runtimes security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1471", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-42898", "CVE-2022-42920"], "modified": "2023-01-26T11:33:34", "id": "RHSA-2023:0470", "href": "https://access.redhat.com/errata/RHSA-2023:0470", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-30T18:12:00", "description": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-30T16:30:30", "type": "redhat", "title": "(RHSA-2023:0542) Important: Red Hat OpenShift Service Mesh 2.3.1 Containers security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2021-23648", "CVE-2021-4238", "CVE-2021-46848", "CVE-2022-1304", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-21673", "CVE-2022-21698", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-39278", "CVE-2022-3962", "CVE-2022-41715", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-01-30T16:30:42", "id": "RHSA-2023:0542", "href": "https://access.redhat.com/errata/RHSA-2023:0542", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T02:14:30", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-09T01:23:02", "type": "redhat", "title": "(RHSA-2023:1174) Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1122", "CVE-2022-1304", "CVE-2022-2056", "CVE-2022-2057", "CVE-2022-2058", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2519", "CVE-2022-2520", "CVE-2022-2521", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2867", "CVE-2022-2868", "CVE-2022-2869", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-2953", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680", "CVE-2022-4415", "CVE-2022-44617", "CVE-2022-46285", "CVE-2022-47629", "CVE-2022-48303", "CVE-2022-4883"], "modified": "2023-03-09T01:23:20", "id": "RHSA-2023:1174", "href": "https://access.redhat.com/errata/RHSA-2023:1174", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-15T02:08:37", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T01:56:18", "type": "redhat", "title": "(RHSA-2022:9047) Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1122", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-42898"], "modified": "2022-12-15T01:56:30", "id": "RHSA-2022:9047", "href": "https://access.redhat.com/errata/RHSA-2022:9047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-01T18:07:37", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not 'latest' (BZ#2102694)\n\n* [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1 images.\n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-01T18:00:01", "type": "redhat", "title": "(RHSA-2022:8750) Moderate: OpenShift Virtualization 4.11.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-24675", "CVE-2022-24795", "CVE-2022-24921", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-40674"], "modified": "2022-12-01T18:00:15", "id": "RHSA-2022:8750", "href": "https://access.redhat.com/errata/RHSA-2022:8750", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T23:19:21", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T19:39:55", "type": "redhat", "title": "(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-3517", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-41912", "CVE-2022-42898"], "modified": "2022-12-14T19:40:16", "id": "RHSA-2022:9040", "href": "https://access.redhat.com/errata/RHSA-2022:9040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T15:07:31", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-24T13:18:25", "type": "redhat", "title": "(RHSA-2023:0408) Important: OpenShift Virtualization 4.12.0 Images security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1798", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24795", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28131", "CVE-2022-29526", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-3787", "CVE-2022-40674", "CVE-2022-42898"], "modified": "2023-01-24T13:18:39", "id": "RHSA-2023:0408", "href": "https://access.redhat.com/errata/RHSA-2023:0408", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T02:24:09", "description": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-28T00:48:46", "type": "redhat", "title": "(RHSA-2023:0934) Important: Migration Toolkit for Applications security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36567", "CVE-2021-35065", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-2056", "CVE-2022-2057", "CVE-2022-2058", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23521", "CVE-2022-24999", "CVE-2022-2519", "CVE-2022-2520", "CVE-2022-2521", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2867", "CVE-2022-2868", "CVE-2022-2869", "CVE-2022-2953", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37601", "CVE-2022-37603", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-3821", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-41903", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-42920", "CVE-2022-43680", "CVE-2022-46175", "CVE-2022-47629", "CVE-2023-21830", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-03-01T00:30:47", "id": "RHSA-2023:0934", "href": "https://access.redhat.com/errata/RHSA-2023:0934", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-08T18:08:09", "description": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T16:23:35", "type": "redhat", "title": "(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42898"], "modified": "2022-12-08T16:23:58", "id": "RHSA-2022:8889", "href": "https://access.redhat.com/errata/RHSA-2022:8889", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-08T08:08:09", "description": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T07:35:26", "type": "redhat", "title": "(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-32189", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-37603", "CVE-2022-39399", "CVE-2022-41715", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-12-08T07:35:50", "id": "RHSA-2022:8781", "href": "https://access.redhat.com/errata/RHSA-2022:8781", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "almalinux": [{"lastseen": "2023-03-16T08:10:16", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "almalinux", "title": "Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-13T16:36:09", "id": "ALSA-2022:7704", "href": "https://errata.almalinux.org/8/ALSA-2022-7704.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-09-01T00:11:02", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.36.7\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "id": "GLSA-202208-39", "href": "https://security.gentoo.org/glsa/202208-39", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}

Apple iTunes &lt; 12.12.4 Multiple Vulnerabilities (uncredentialed check)

Description

Related

Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)