The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :
- Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)
- Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)
- Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)
Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.
{"id": "MACOS_HT213345.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "macOS 12.x < 12.5 (HT213345)", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "published": "2022-08-19T00:00:00", "modified": "2022-12-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://www.tenable.com/plugins/nessus/164291", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32845", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32839", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32810", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32834", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32807", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32801", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32823", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32819", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32857", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32789", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29046", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32825", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32849", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32796", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32841", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070", "https://support.apple.com/en-gb/HT213345", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32840", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26981", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32785", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32815", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32831", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32792", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32805", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32812", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32818", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32832", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32798", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32799", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32786", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32820", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32837", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32851", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32811", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32842", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32826", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32838", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32817", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29048", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32847", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32852", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32787", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32821", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32853", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32814", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32828", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32800", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32813", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32843", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32848", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32793", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32816"], "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"], "immutableFields": [], "lastseen": "2023-01-26T10:39:14", "viewCount": 89, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:2234"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-28544"]}, {"type": "apple", "idList": ["APPLE:138DC64ECE1F07104C6EF7D22CA29AAF", "APPLE:315A0A489FE54A17BA14F0B62D49D716", "APPLE:36D1157BC66453E0491C66ACBF433EE9", "APPLE:37AFBB95AFD80D918469C22F0A05655D", "APPLE:525A1C81291F8006179082509655B7D2", "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "APPLE:AC49D86768B40C9859AF7DC3073E5DAF", "APPLE:DF68F7FFE1ED4E5157204A83619C4B89"]}, {"type": "archlinux", "idList": ["ASA-202207-1", "ASA-202207-2", "ASA-202207-3", "ASA-202207-4"]}, {"type": "attackerkb", "idList": ["AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61"]}, {"type": "avleonov", "idList": ["AVLEONOV:B87691B304EF70215B926F66B871260A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0566"]}, {"type": "chrome", "idList": ["GCSA-5089288012050676645", "GCSA-7720125337817983232"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-2294"]}, {"type": "cnvd", "idList": ["CNVD-2022-71989", "CNVD-2022-71990", "CNVD-2022-71991", "CNVD-2022-71992", "CNVD-2022-71993", "CNVD-2022-71995", "CNVD-2022-71996", "CNVD-2022-71997", "CNVD-2022-71998", "CNVD-2022-71999", "CNVD-2022-79936", "CNVD-2022-79937"]}, {"type": "cve", "idList": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3073-1:E36D1", "DEBIAN:DSA-5119-1:7E87F", "DEBIAN:DSA-5180-1:E631C", "DEBIAN:DSA-5210-1:35DB1", "DEBIAN:DSA-5211-1:03E97"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-28544", "DEBIANCVE:CVE-2022-2294", "DEBIANCVE:CVE-2022-24070", "DEBIANCVE:CVE-2022-26981", "DEBIANCVE:CVE-2022-32792", "DEBIANCVE:CVE-2022-32793", "DEBIANCVE:CVE-2022-32816"]}, {"type": "fedora", "idList": ["FEDORA:1A1AC3021A53", "FEDORA:1AA1C30A3C1B", "FEDORA:2388E3047E08", "FEDORA:29E5830A072A", "FEDORA:37BC53027FD7", "FEDORA:4842C30687AF", "FEDORA:9304B3056A49", "FEDORA:D921930742B0", "FEDORA:F05583046B1B"]}, {"type": "freebsd", "idList": ["3A1DC8C8-BB27-11EC-98D1-D43D7EED0CE2", "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202208-35", "GLSA-202208-39", "GLSA-202301-06"]}, {"type": "github", "idList": ["GHSA-M5CW-C64P-77H6", "GHSA-WPR6-QVCQ-8269"]}, {"type": "githubexploit", "idList": ["37393B8B-A626-5459-AD36-69EB66654B35", "84E2D1AF-A777-566C-B293-27ED87F2C35C"]}, {"type": "hivepro", "idList": ["HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809"]}, {"type": "ibm", "idList": ["0684EEF1DBBEA5E086BE67D9371162A4B2D40B51AF47A98550F0A7A6D11D500F", "9209CA54A0A6D36B7CC32191CCFD17C389F41528924D698986F497F467C293A7"]}, {"type": "kaspersky", "idList": ["KLA12578", "KLA12579", "KLA12587"]}, {"type": "krebs", "idList": ["KREBS:93C313996DC56B0E237DCF999BF438CB"]}, {"type": "mageia", "idList": ["MGASA-2022-0140", "MGASA-2022-0287"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:6E72426C60EECBEF071E305072060892"]}, {"type": "mscve", "idList": ["MS:CVE-2022-2294"]}, {"type": "nessus", "idList": ["701415.PASL", "AL2022_ALAS2022-2022-076.NASL", "AL2022_ALAS2022-2022-149.NASL", "ALMA_LINUX_ALSA-2022-2234.NASL", "ALMA_LINUX_ALSA-2022-4591.NASL", "APPLE_IOS_156_CHECK.NBIN", "CENTOS8_RHSA-2022-2234.NASL", "CENTOS8_RHSA-2022-4941.NASL", "CLOUDBEES-SECURITY-ADVISORY-2022-04-12.NASL", "DEBIAN_DLA-3073.NASL", "DEBIAN_DSA-5119.NASL", "DEBIAN_DSA-5180.NASL", "DEBIAN_DSA-5210.NASL", "DEBIAN_DSA-5211.NASL", "EULEROS_SA-2022-1952.NASL", "EULEROS_SA-2022-1983.NASL", "EULEROS_SA-2022-2013.NASL", "EULEROS_SA-2022-2147.NASL", "EULEROS_SA-2022-2172.NASL", "EULEROS_SA-2022-2226.NASL", "FREEBSD_PKG_3A1DC8C8BB2711EC98D1D43D7EED0CE2.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-39.NASL", "GENTOO_GLSA-202301-06.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "JENKINS_SECURITY_ADVISORY_2022-04-12_PLUGINS.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOS_HT213343.NASL", "MACOS_HT213344.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "OPENSUSE-2022-10055-1.NASL", "OPENSUSE-2022-10057-1.NASL", "OPENSUSE-2022-10087-1.NASL", "OPENSUSE-2022-10088-1.NASL", "ORACLELINUX_ELSA-2022-2234.NASL", "ORACLELINUX_ELSA-2022-4591.NASL", "ORACLELINUX_ELSA-2022-4941.NASL", "REDHAT-RHSA-2022-0871.NASL", "REDHAT-RHSA-2022-1600.NASL", "REDHAT-RHSA-2022-2205.NASL", "REDHAT-RHSA-2022-2222.NASL", "REDHAT-RHSA-2022-2234.NASL", "REDHAT-RHSA-2022-2236.NASL", "REDHAT-RHSA-2022-2237.NASL", "REDHAT-RHSA-2022-2280.NASL", "REDHAT-RHSA-2022-4591.NASL", "REDHAT-RHSA-2022-4722.NASL", "REDHAT-RHSA-2022-4909.NASL", "REDHAT-RHSA-2022-4941.NASL", "REDHAT-RHSA-2022-4947.NASL", "SUSE_SU-2022-1161-1.NASL", "SUSE_SU-2022-1162-1.NASL", "SUSE_SU-2022-1483-1.NASL", "SUSE_SU-2022-2184-1.NASL", "SUSE_SU-2022-2252-1.NASL", "SUSE_SU-2022-2298-1.NASL", "SUSE_SU-2022-2820-1.NASL", "SUSE_SU-2022-2821-1.NASL", "SUSE_SU-2022-2826-1.NASL", "SUSE_SU-2022-2915-1.NASL", "UBUNTU_USN-5372-1.NASL", "UBUNTU_USN-5450-1.NASL", "UBUNTU_USN-5476-1.NASL", "UBUNTU_USN-5568-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-2234", "ELSA-2022-4591", "ELSA-2022-4941"]}, {"type": "osv", "idList": ["OSV:CVE-2021-28544", "OSV:CVE-2022-24070", "OSV:DLA-3073-1", "OSV:DSA-5119-1", "OSV:DSA-5180-1", "OSV:DSA-5210-1", "OSV:DSA-5211-1", "OSV:GHSA-M5CW-C64P-77H6", "OSV:GHSA-WPR6-QVCQ-8269"]}, {"type": "photon", "idList": ["PHSA-2022-0189", "PHSA-2022-0389"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "redhat", "idList": ["RHSA-2022:0871", "RHSA-2022:1600", "RHSA-2022:2205", "RHSA-2022:2222", "RHSA-2022:2234", "RHSA-2022:2236", "RHSA-2022:2237", "RHSA-2022:2280", "RHSA-2022:2281", "RHSA-2022:4591", "RHSA-2022:4722", "RHSA-2022:4909", "RHSA-2022:4941", "RHSA-2022:4947"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28544", "RH:CVE-2022-24070", "RH:CVE-2022-26981", "RH:CVE-2022-29046", "RH:CVE-2022-29048"]}, {"type": "rocky", "idList": ["RLSA-2022:2234", "RLSA-2022:4941"]}, {"type": "securelist", "idList": ["SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10087-1", "OPENSUSE-SU-2022:10088-1", "SUSE-SU-2022:1162-1", "SUSE-SU-2022:2184-1", "SUSE-SU-2022:2252-1", "SUSE-SU-2022:2298-1", "SUSE-SU-2022:2820-1", "SUSE-SU-2022:2826-1"]}, {"type": "thn", "idList": ["THN:0ADE883013E260B4548F6E16D65487D3", "THN:222F7713CA968509F8C385BA29B0B6A5", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:FFFF05ECDE44C9ED26B53D328B60689B"]}, {"type": "threatpost", "idList": ["THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:D60D84608B5F24D96FDAD56776F9494A"]}, {"type": "ubuntu", "idList": ["USN-5372-1", "USN-5450-1", "USN-5476-1", "USN-5568-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28544", "UB:CVE-2022-2294", "UB:CVE-2022-24070", "UB:CVE-2022-26981", "UB:CVE-2022-32792", "UB:CVE-2022-32816"]}, {"type": "veracode", "idList": ["VERACODE:35087", "VERACODE:35089", "VERACODE:35872", "VERACODE:36373", "VERACODE:36539", "VERACODE:36540"]}, {"type": "zdi", "idList": ["ZDI-22-1123", "ZDI-22-1130"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "vulnersScore": -0.2}, "_state": {"dependencies": 1674729669, "score": 1674729786}, "_internal": {"score_hash": "1c2d4c3d8a60266d2cf52866dab427a7"}, "pluginID": "164291", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164291);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-28544\",\n \"CVE-2022-2294\",\n \"CVE-2022-24070\",\n \"CVE-2022-26981\",\n \"CVE-2022-29046\",\n \"CVE-2022-29048\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32789\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32796\",\n \"CVE-2022-32797\",\n \"CVE-2022-32798\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32801\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32810\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32814\",\n \"CVE-2022-32815\",\n \"CVE-2022-32816\",\n \"CVE-2022-32817\",\n \"CVE-2022-32818\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32821\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32828\",\n \"CVE-2022-32829\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32837\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32840\",\n \"CVE-2022-32841\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32845\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32852\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213345\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"macOS 12.x < 12.5 (HT213345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26981\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.5', \n 'fixed_display': 'macOS Monterey 12.5'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "solution": "Upgrade to macOS 12.5 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-26981", "vendor_cvss2": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-07-20T00:00:00", "vulnerabilityPublicationDate": "2022-07-20T00:00:00", "exploitableWith": []}
{"apple": [{"lastseen": "2022-11-18T14:56:45", "description": "# About the security content of macOS Monterey 12.5\n\nThis document describes the security content of macOS Monterey 12.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.5\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32880: Wojciech Regu\u0142a (@_r3ggi) of SecuRing, Mickey Jin (@patch1t) of Trend Micro, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Monterey\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**Automation**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Calendar**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**CoreMedia**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\nEntry added September 16, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Liblouis**\n\nAvailable for: macOS Monterey\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position may be able to leak sensitive information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\n**Software Update**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\n**subversion**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in subversion\n\nDescription: Multiple issues were addressed by updating subversion.\n\nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer, afang5472, xmzyshypnc\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n**Windows Server**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user\u2019s screen\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Calendar**\n\n****We would like to acknowledge Joshua Jones for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**DiskArbitration**\n\nWe would like to acknowledge Mike Cush for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 09, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32802", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32880", "CVE-2022-32910", "CVE-2022-32948", "CVE-2022-42805"], "modified": "2022-07-20T00:00:00", "id": "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "href": "https://support.apple.com/kb/HT213345", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-29T05:59:12", "description": "# About the security content of watchOS 8.7\n\nThis document describes the security content of watchOS 8.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 8.7\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow issue was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**ICU**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Multi-Touch**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Software Update**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 20, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of watchOS 8.7", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26981", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32832", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32857"], "modified": "2022-07-20T00:00:00", "id": "APPLE:36D1157BC66453E0491C66ACBF433EE9", "href": "https://support.apple.com/kb/HT213340", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:58:49", "description": "# About the security content of macOS Big Sur 11.6.8\n\nThis document describes the security content of macOS Big Sur 11.6.8.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.6.8\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: macOS Big Sur\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Big Sur\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**Audio**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Calendar**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Calendar**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**CoreText**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**FaceTime**\n\nAvailable for: macOS Big Sur\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**File System Events**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**ICU**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\n**libxml2**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32814: Pan ZhenPeng(@Peterpan0927)\n\nEntry added November 9, 2022\n\n**Multi-Touch**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng(@Peterpan0927)\n\nEntry added November 9, 2022\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**Software Update**\n\nAvailable for: macOS Big Sur\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A validation issue in the handling of symlinks was addressed with improved validation of symlinks.\n\nCVE-2022-26704: Joshua Mason of Mandiant\n\n**TCC**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022\n\n**Vim**\n\nAvailable for: macOS Big Sur\n\nImpact: Multiple issues in Vim\n\nDescription: Multiple issues were addressed by updating Vim.\n\nCVE-2022-0156\n\nCVE-2022-0158\n\n**Wi-Fi**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n**Windows Server**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to capture a user\u2019s screen\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\n\n\n## Additional recognition\n\n**Calendar**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\nEntry added November 9, 2022\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 09, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.6.8", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0156", "CVE-2022-0158", "CVE-2022-26704", "CVE-2022-32781", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32797", "CVE-2022-32800", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32843", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32910"], "modified": "2022-07-20T00:00:00", "id": "APPLE:AC49D86768B40C9859AF7DC3073E5DAF", "href": "https://support.apple.com/kb/HT213344", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-29T05:58:51", "description": "# About the security content of tvOS 15.6\n\nThis document describes the security content of tvOS 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 15.6\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow issue was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Audio**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreMedia**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to disclosure of user information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Software Update**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 20, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of tvOS 15.6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26981", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32839", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32857"], "modified": "2022-07-20T00:00:00", "id": "APPLE:525A1C81291F8006179082509655B7D2", "href": "https://support.apple.com/kb/HT213342", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:58:49", "description": "# About the security content of iOS 15.6 and iPadOS 15.6\n\nThis document describes the security content of iOS 15.6 and iPadOS 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.6 and iPadOS 15.6\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022 \n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreMedia**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**Home**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32855: Zitong Wu(\u5434\u6893\u6850) from Zhuhai No.1 Middle School(\u73e0\u6d77\u5e02\u7b2c\u4e00\u4e2d\u5b66)\n\nEntry updated September 16, 2022\n\n**iCloud Photo Library**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to disclosure of user information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PluginKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**Safari Extensions**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**Software Update**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 09, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of iOS 15.6 and iPadOS 15.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-26981", "CVE-2022-32784", "CVE-2022-32785", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32855", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32948", "CVE-2022-42805"], "modified": "2022-07-20T00:00:00", "id": "APPLE:DF68F7FFE1ED4E5157204A83619C4B89", "href": "https://support.apple.com/kb/HT213346", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-04T21:58:45", "description": "# About the security content of Security Update 2022-005 Catalina\n\nThis document describes the security content of Security Update 2022-005 Catalina.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Security Update 2022-005 Catalina\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: macOS Catalina\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Catalina\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Calendar**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Calendar**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**CoreText**\n\nAvailable for: macOS Catalina\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**FaceTime**\n\nAvailable for: macOS Catalina\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**File System Events**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**ICU**\n\nAvailable for: macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Catalina\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Kernel**\n\nAvailable for: macOS Catalina\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\n**libxml2**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Catalina\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**SMB**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Catalina\n\nImpact: A user in a privileged network position may be able to leak sensitive information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\n**Software Update**\n\nAvailable for: macOS Catalina\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A validation issue in the handling of symlinks was addressed with improved validation of symlinks.\n\nCVE-2022-26704: Joshua Mason of Mandiant\n\n**TCC**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022\n\n**Vim**\n\nAvailable for: macOS Catalina\n\nImpact: Multiple issues in Vim\n\nDescription: Multiple issues were addressed by updating Vim.\n\nCVE-2021-4136\n\nCVE-2021-4166\n\nCVE-2021-4173\n\nCVE-2021-4187\n\nCVE-2021-4192\n\nCVE-2021-4193\n\nCVE-2021-46059\n\nCVE-2022-0128\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\nEntry added September 16, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 04, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of Security Update 2022-005 Catalina", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-46059", "CVE-2022-0128", "CVE-2022-26704", "CVE-2022-32781", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32797", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32823", "CVE-2022-32826", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32910"], "modified": "2022-07-20T00:00:00", "id": "APPLE:315A0A489FE54A17BA14F0B62D49D716", "href": "https://support.apple.com/kb/HT213343", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-22T23:08:55", "description": "# About the security content of Safari 15.6\n\nThis document describes the security content of Safari 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 15.6\n\nReleased July 20, 2022\n\n**Safari Extensions**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer, afang5472, xmzyshypnc\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 16, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of Safari 15.6", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32861", "CVE-2022-32863"], "modified": "2022-07-20T00:00:00", "id": "APPLE:37AFBB95AFD80D918469C22F0A05655D", "href": "https://support.apple.com/kb/HT213341", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-26T04:17:14", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.8 Big Sur. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds write issue vulnerability may lead to arbitrary code execution. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution with kernel privileges. (CVE-2022-32812)\n\n - Exploitation of this vulnerability may lead to access of sensitive user information. (CVE-2022-32834) \n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.6.8 (HT213344)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0156", "CVE-2022-0158", "CVE-2022-26704", "CVE-2022-32781", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32797", "CVE-2022-32800", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32843", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213344.NASL", "href": "https://www.tenable.com/plugins/nessus/164292", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164292);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2022-0156\",\n \"CVE-2022-0158\",\n \"CVE-2022-26704\",\n \"CVE-2022-32781\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32797\",\n \"CVE-2022-32800\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32815\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32843\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213344\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n\n script_name(english:\"macOS 11.x < 11.6.8 (HT213344)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.8 Big Sur. It is, therefore, \naffected by multiple vulnerabilities :\n\n - An out-of-bounds write issue vulnerability may lead to arbitrary code execution. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution with kernel privileges. (CVE-2022-32812)\n\n - Exploitation of this vulnerability may lead to access of sensitive user information. (CVE-2022-32834) \n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213344\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.6.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26704\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32839\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.6.6', 'fixed_display' : 'macOS Big Sur 11.6.6' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:27:21", "description": "The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2022-005 Catalina. It is, therefore, affected by multiple vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-4136)\n\n - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)\n\n - vim is vulnerable to Use After Free (CVE-2021-4173, CVE-2021-4187, CVE-2021-4192)\n\n - A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.\n (CVE-2022-26704)\n\n - An issue in FaceTime was addressed by enabling hardened runtime. (CVE-2022-32781)\n\n - A null pointer dereference in ImageIO was addressed with improved validation. (CVE-2022-32785)\n\n - An issue in the handling of environment variables in PackageKitwas addressed with improved validation.\n (CVE-2022-32786)\n\n - An out-of-bounds write issue in the ICU library was addressed with improved bounds checking.\n (CVE-2022-32787, CVE-2022-32843)\n\n - Several issues in AppleScript were addressed with improved checks.\n (CVE-2022-32797, CVE-2022-32800, CVE-2022-32847)\n\n - An out-of-bounds read issue in SMB was addressed with improved bounds checking. (CVE-2022-32799)\n\n - An issue in the Calendar app was addressed with improved handling of caches. (CVE-2022-32805)\n\n - An issue in Spindump addressed with improved file handling. (CVE-2022-32807)\n\n - A memory corruption vulnerability in the Intel graphics driver was addressed with improved locking.\n (CVE-2022-32811)\n\n - Issues in the kernel were addressed with improved memory handling. (CVE-2022-32812, CVE-2022-32813, CVE-2022-32815, CVE-2022-32832)\n\n - A logic issue was addressed with improved state management. (CVE-2022-32819, CVE-2022-32838)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32820)\n\n - A memory initialization in libxml2 issue was addressed with improved memory handling. (CVE-2022-32823)\n\n - An authorization issue in AppleMobileFileIntegrity was addressed with improved state management. (CVE-2022-32826)\n\n - An out-of-bounds read was addressed with improved bounds checking. (CVE-2022-32831)\n\n - An access issue was addressed with improvements to the sandbox. (CVE-2022-32834)\n\n - The issue was addressed with improved bounds checks. (CVE-2022-32839)\n\n - An out-of-bounds read issue in AppleScript was addressed with improved input validation. (CVE-2022-32842, CVE-2022-32851, CVE-2022-32853)\n\n - An information disclosure issue in the Calendar app was addressed by removing the vulnerable code.\n (CVE-2022-32849)\n\n - This issue was addressed by using HTTPS when sending information over the network. (CVE-2022-32857)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "macOS 10.15.x < Catalina Security Update 2022-005 Catalina (HT213343)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-0128", "CVE-2022-26704", "CVE-2022-32781", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32797", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32823", "CVE-2022-32826", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213343.NASL", "href": "https://www.tenable.com/plugins/nessus/163394", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163394);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-4136\",\n \"CVE-2021-4166\",\n \"CVE-2021-4173\",\n \"CVE-2021-4187\",\n \"CVE-2021-4192\",\n \"CVE-2021-4193\",\n \"CVE-2022-0128\",\n \"CVE-2022-26704\",\n \"CVE-2022-32781\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32797\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32815\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32823\",\n \"CVE-2022-32826\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32847\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213343\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0294-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n\n script_name(english:\"macOS 10.15.x < Catalina Security Update 2022-005 Catalina (HT213343)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2022-005\nCatalina. It is, therefore, affected by multiple vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-4136)\n\n - vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)\n\n - vim is vulnerable to Use After Free (CVE-2021-4173, CVE-2021-4187, CVE-2021-4192)\n\n - A validation issue existed in the handling of symlinks and was addressed with improved validation of\n symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.\n (CVE-2022-26704)\n\n - An issue in FaceTime was addressed by enabling hardened runtime. (CVE-2022-32781)\n\n - A null pointer dereference in ImageIO was addressed with improved validation. (CVE-2022-32785)\n\n - An issue in the handling of environment variables in PackageKitwas addressed with improved validation.\n (CVE-2022-32786)\n\n - An out-of-bounds write issue in the ICU library was addressed with improved bounds checking.\n (CVE-2022-32787, CVE-2022-32843)\n\n - Several issues in AppleScript were addressed with improved checks.\n (CVE-2022-32797, CVE-2022-32800, CVE-2022-32847)\n\n - An out-of-bounds read issue in SMB was addressed with improved bounds checking. (CVE-2022-32799)\n\n - An issue in the Calendar app was addressed with improved handling of caches. (CVE-2022-32805)\n\n - An issue in Spindump addressed with improved file handling. (CVE-2022-32807)\n\n - A memory corruption vulnerability in the Intel graphics driver was addressed with improved locking.\n (CVE-2022-32811)\n\n - Issues in the kernel were addressed with improved memory handling. (CVE-2022-32812, CVE-2022-32813, CVE-2022-32815,\n CVE-2022-32832)\n\n - A logic issue was addressed with improved state management. (CVE-2022-32819, CVE-2022-32838)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32820)\n\n - A memory initialization in libxml2 issue was addressed with improved memory handling. (CVE-2022-32823)\n\n - An authorization issue in AppleMobileFileIntegrity was addressed with improved state management. (CVE-2022-32826)\n\n - An out-of-bounds read was addressed with improved bounds checking. (CVE-2022-32831)\n\n - An access issue was addressed with improvements to the sandbox. (CVE-2022-32834)\n\n - The issue was addressed with improved bounds checks. (CVE-2022-32839)\n\n - An out-of-bounds read issue in AppleScript was addressed with improved input validation. (CVE-2022-32842,\n CVE-2022-32851, CVE-2022-32853)\n\n - An information disclosure issue in the Calendar app was addressed by removing the vulnerable code.\n (CVE-2022-32849)\n\n - This issue was addressed by using HTTPS when sending information over the network. (CVE-2022-32857)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213343\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.x < Catalina Security Update 2022-005 Catalina or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26704\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32839\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\n\nvar constraints = [\n {\n 'min_version' : '10.15',\n 'max_version' : '10.15.7',\n 'fixed_build' : '19H2026',\n 'fixed_display' : 'Catalina 10.15.7 Security Update 2022-005'\n }\n];\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T04:15:45", "description": "The version of Apple iOS running on the mobile device is prior to 15.6. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26768)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32787)\n\n - A buffer overflow was addressed with improved bounds checking. (CVE-2022-32788)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Apple iOS < 15.6 Multiple Vulnerabilities (HT213346)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-26981", "CVE-2022-32784", "CVE-2022-32785", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32855", "CVE-2022-32857"], "modified": "2022-11-30T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_156_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/163395", "sourceData": "Binary data apple_ios_156_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T00:00:42", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5568-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5568-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164124);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"USN\", value:\"5568-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5568-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:19:58", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2821-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2821-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2821-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164231", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2821-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164231);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2821-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2821-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2821-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011919.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6f661e8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.5-150000.3.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T04:58:03", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5210 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-5210-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5210.NASL", "href": "https://www.tenable.com/plugins/nessus/164241", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5210. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164241);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DSA-5210-1 : webkit2gtk - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5210 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.6-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.6-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T10:33:44", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2826-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2826-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2826-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164221", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2826-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164221);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2826-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2826-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2826-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011925.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dca49e82\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^((SLE(S|D)|SUSE)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'WebKit2GTK-4.0-lang-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-4.1-lang-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-5.0-lang-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.5-150400.4.9.1', 'sp':'4', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-32bit-2.36.5-150400.4.9.1', 'sp':'4', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.5-150400.4.9.1', 'sp':'4', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-32bit-2.36.5-150400.4.9.1', 'sp':'4', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-5_0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4.1-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-5.0-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-minibrowser-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-minibrowser-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-devel-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-minibrowser-2.36.5-150400.4.9.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:31:31", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3073 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T00:00:00", "type": "nessus", "title": "Debian DLA-3073-1 : webkit2gtk - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3073.NASL", "href": "https://www.tenable.com/plugins/nessus/164260", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3073. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164260);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DLA-3073-1 : webkit2gtk - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3073 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor Debian 10 buster, these problems have been fixed in version 2.36.6-1~deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.36.6-1~deb10u1'},\n {'release': '10.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.36.6-1~deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T04:17:59", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2915-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2915-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2915-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164467", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2915-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2915-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2915-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2915-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/012003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?845c7167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.5-2.107.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-2.107.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:41:23", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5211 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-5211-1 : wpewebkit - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev", "p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc", "p-cpe:/a:debian:debian_linux:wpewebkit-driver", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5211.NASL", "href": "https://www.tenable.com/plugins/nessus/164168", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5211. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164168);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n\n script_name(english:\"Debian DSA-5211-1 : wpewebkit - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5211 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/wpewebkit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-32816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/wpewebkit\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the wpewebkit packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.6-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwpewebkit-1.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpewebkit-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-3', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-dev', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libwpewebkit-1.0-doc', 'reference': '2.36.6-1~deb11u1'},\n {'release': '11.0', 'prefix': 'wpewebkit-driver', 'reference': '2.36.6-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwpewebkit-1.0-3 / libwpewebkit-1.0-dev / libwpewebkit-1.0-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:40:34", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2820-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2820-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2820-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164217", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2820-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164217);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2820-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2820-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2820-1 advisory.\n\n - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6\n and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6\n and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI\n spoofing. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201980\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011922.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dbea4431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^((SLE(S|D)|SUSE)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.5-150200.41.1', 'sp':'3', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.5-150200.41.1', 'sp':'3', 'cpu':'x86_64', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit-jsc-4-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-minibrowser-2.36.5-150200.41.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.5-150200.41.1', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T20:45:06", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-2013)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/162904", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162904);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2013\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?327d6766\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.10.6-2.h5.eulerosv2r9\",\n \"subversion-help-1.10.6-2.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T00:32:03", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2147)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2147.NASL", "href": "https://www.tenable.com/plugins/nessus/163528", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163528);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2147)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2147\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4df6a248\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.12.2-1.h4.eulerosv2r10\",\n \"subversion-help-1.12.2-1.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T10:32:14", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mod_dav_svn", "p-cpe:/a:freebsd:freebsd:mod_dav_svn-lts", "p-cpe:/a:freebsd:freebsd:subversion", "p-cpe:/a:freebsd:freebsd:subversion-lts", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3A1DC8C8BB2711EC98D1D43D7EED0CE2.NASL", "href": "https://www.tenable.com/plugins/nessus/159710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159710);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://subversion.apache.org/security/CVE-2021-28544-advisory.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://subversion.apache.org/security/CVE-2022-24070-advisory.txt\");\n # https://vuxml.freebsd.org/freebsd/3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af82e870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_dav_svn-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'mod_dav_svn-lts>=1.10.0<1.10.8',\n 'mod_dav_svn>=1.10.0<1.10.8',\n 'mod_dav_svn>=1.11.0<1.14.2',\n 'subversion-lts>=1.10.0<1.10.8',\n 'subversion>=1.10.0<1.10.8',\n 'subversion>=1.11.0<1.14.2'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T16:59:44", "description": "The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5372-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 : Subversion vulnerabilities (USN-5372-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn", "p-cpe:/a:canonical:ubuntu_linux:libsvn-dev", "p-cpe:/a:canonical:ubuntu_linux:libsvn-java", "p-cpe:/a:canonical:ubuntu_linux:libsvn-perl", "p-cpe:/a:canonical:ubuntu_linux:libsvn1", "p-cpe:/a:canonical:ubuntu_linux:python-subversion", "p-cpe:/a:canonical:ubuntu_linux:python3-subversion", "p-cpe:/a:canonical:ubuntu_linux:ruby-svn", "p-cpe:/a:canonical:ubuntu_linux:subversion", "p-cpe:/a:canonical:ubuntu_linux:subversion-tools"], "id": "UBUNTU_USN-5372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159689", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5372-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159689);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"USN\", value:\"5372-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 : Subversion vulnerabilities (USN-5372-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5372-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5372-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('ubuntu.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-java', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn1', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'python-subversion', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'ruby-svn', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'subversion', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'subversion-tools', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-dev', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-java', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-perl', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn1', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'python3-subversion', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'ruby-svn', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'subversion', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'subversion-tools', 'pkgver': '1.14.1-3ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-java / libsvn-perl / libsvn1 / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T08:54:53", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5119 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "Debian DSA-5119-1 : subversion - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-svn", "p-cpe:/a:debian:debian_linux:libsvn-dev", "p-cpe:/a:debian:debian_linux:libsvn-doc", "p-cpe:/a:debian:debian_linux:libsvn-java", "p-cpe:/a:debian:debian_linux:libsvn-perl", "p-cpe:/a:debian:debian_linux:libsvn1", "p-cpe:/a:debian:debian_linux:python-subversion", "p-cpe:/a:debian:debian_linux:python3-subversion", "p-cpe:/a:debian:debian_linux:ruby-svn", "p-cpe:/a:debian:debian_linux:subversion", "p-cpe:/a:debian:debian_linux:subversion-tools", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5119.NASL", "href": "https://www.tenable.com/plugins/nessus/159709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5119. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159709);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"Debian DSA-5119-1 : subversion - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5119 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/subversion\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the subversion packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libapache2-mod-svn', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-dev', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-doc', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-java', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-perl', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn1', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python-subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python3-subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'ruby-svn', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'subversion-tools', 'reference': '1.10.4-1+deb10u3'},\n {'release': '11.0', 'prefix': 'libapache2-mod-svn', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-dev', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-doc', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-java', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-perl', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn1', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'python-subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'python3-subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'ruby-svn', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'subversion-tools', 'reference': '1.14.1-3+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-doc / libsvn-java / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T10:43:51", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-149)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-10-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python3-subversion", "p-cpe:/a:amazon:linux:python3-subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion", "p-cpe:/a:amazon:linux:subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion-debugsource", "p-cpe:/a:amazon:linux:subversion-devel", "p-cpe:/a:amazon:linux:subversion-devel-debuginfo", "p-cpe:/a:amazon:linux:subversion-javahl", "p-cpe:/a:amazon:linux:subversion-libs", "p-cpe:/a:amazon:linux:subversion-libs-debuginfo", "p-cpe:/a:amazon:linux:subversion-perl", "p-cpe:/a:amazon:linux:subversion-perl-debuginfo", "p-cpe:/a:amazon:linux:subversion-tools", "p-cpe:/a:amazon:linux:subversion-tools-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-149.NASL", "href": "https://www.tenable.com/plugins/nessus/166120", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-149.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166120);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/14\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-149.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28544.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24070.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update subversion --releasever=2022.0.20221012' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.2-5.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-subversion / python3-subversion-debuginfo / subversion / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:43:04", "description": "The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5450-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-27T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn", "p-cpe:/a:canonical:ubuntu_linux:libsvn-dev", "p-cpe:/a:canonical:ubuntu_linux:libsvn-java", "p-cpe:/a:canonical:ubuntu_linux:libsvn-perl", "p-cpe:/a:canonical:ubuntu_linux:libsvn1", "p-cpe:/a:canonical:ubuntu_linux:python3-subversion", "p-cpe:/a:canonical:ubuntu_linux:ruby-svn", "p-cpe:/a:canonical:ubuntu_linux:subversion", "p-cpe:/a:canonical:ubuntu_linux:subversion-tools"], "id": "UBUNTU_USN-5450-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161633", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5450-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161633);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"USN\", value:\"5450-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5450-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5450-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '22.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-java', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn1', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'python3-subversion', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'ruby-svn', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'subversion', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'subversion-tools', 'pkgver': '1.14.1-3ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-java / libsvn-perl / libsvn1 / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T16:45:34", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-06-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mod_dav_svn", "p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/162446", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162446);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/22\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1952\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?780fe5eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mod_dav_svn-1.10.2-1.h6.eulerosv2r8\",\n \"subversion-1.10.2-1.h6.eulerosv2r8\",\n \"subversion-libs-1.10.2-1.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T16:42:44", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1162-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : subversion (SUSE-SU-2022:1162-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-server", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1162-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159700", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1162-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159700);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1162-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : subversion (SUSE-SU-2022:1162-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:1162-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010684.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddb2f151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^((SLE(S|D)|SUSE)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-server-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'libsvn_auth_gnome_keyring-1-0-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libsvn_auth_kwallet-1-0-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-bash-completion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-perl-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-python-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-python-ctypes-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-ruby-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-server-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'subversion-tools-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsvn_auth_gnome_keyring-1-0 / libsvn_auth_kwallet-1-0 / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T16:43:52", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1483-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : subversion (SUSE-SU-2022:1483-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-05-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-bash-completion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-perl", "p-cpe:/a:novell:suse_linux:subversion-python", "p-cpe:/a:novell:suse_linux:subversion-server", "p-cpe:/a:novell:suse_linux:subversion-tools", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-1483-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160462", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1483-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160462);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1483-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : subversion (SUSE-SU-2022:1483-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:1483-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198503\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/010905.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e96dbec9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-bash-completion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-devel-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-perl-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-python-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-server-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-tools-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsvn_auth_gnome_keyring-1-0 / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T18:44:25", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1983.NASL", "href": "https://www.tenable.com/plugins/nessus/162916", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162916);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1983\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5e9dd1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.10.6-2.h5.eulerosv2r9\",\n \"subversion-help-1.10.6-2.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T20:49:31", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1161-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : subversion (SUSE-SU-2022:1161-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-05-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-bash-completion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-perl", "p-cpe:/a:novell:suse_linux:subversion-python", "p-cpe:/a:novell:suse_linux:subversion-server", "p-cpe:/a:novell:suse_linux:subversion-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1161-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159702", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1161-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159702);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1161-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : subversion (SUSE-SU-2022:1161-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:1161-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010683.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4505f0e7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.2'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'subversion / subversion-bash-completion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T20:55:36", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2172)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2172.NASL", "href": "https://www.tenable.com/plugins/nessus/163530", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163530);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7d21062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.12.2-1.h4.eulerosv2r10\",\n \"subversion-help-1.12.2-1.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T20:43:18", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:4941 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "CentOS 8 : subversion:1.14 (CESA-2022:4941)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-06-09T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:libserf", "p-cpe:/a:centos:centos:utf8proc"], "id": "CENTOS8_RHSA-2022-4941.NASL", "href": "https://www.tenable.com/plugins/nessus/161969", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:4941. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161969);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/09\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:4941\");\n\n script_name(english:\"CentOS 8 : subversion:1.14 (CESA-2022:4941)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:4941 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4941\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libserf and / or utf8proc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:utf8proc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar appstreams = {\n 'subversion:1.14': [\n {'reference':'libserf-1.3.9-9.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libserf-1.3.9-9.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / utf8proc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T04:15:48", "description": "The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4591 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : subversion (ELSA-2022-4591)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-07-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:mod_dav_svn", "p-cpe:/a:oracle:linux:python3-subversion", "p-cpe:/a:oracle:linux:subversion", "p-cpe:/a:oracle:linux:subversion-devel", "p-cpe:/a:oracle:linux:subversion-gnome", "p-cpe:/a:oracle:linux:subversion-libs", "p-cpe:/a:oracle:linux:subversion-perl", "p-cpe:/a:oracle:linux:subversion-tools"], "id": "ORACLELINUX_ELSA-2022-4591.NASL", "href": "https://www.tenable.com/plugins/nessus/162789", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-4591.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162789);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/07\");\n\n script_cve_id(\"CVE-2022-24070\");\n\n script_name(english:\"Oracle Linux 9 : subversion (ELSA-2022-4591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-4591 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-4591.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mod_dav_svn / python3-subversion / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T04:12:55", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2222 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.10 (RHSA-2022:2222)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-2222.NASL", "href": "https://www.tenable.com/plugins/nessus/161082", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2222. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161082);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:2222\");\n\n script_name(english:\"RHEL 8 : subversion:1.10 (RHSA-2022:2222)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:2222 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.10': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.3.0+6671+2675c974', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-5.module+el8.4.0+15158+80ea2a4d', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\nif ('1.10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T04:12:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4722 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.14 (RHSA-2022:4722)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:python3-subversion", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-4722.NASL", "href": "https://www.tenable.com/plugins/nessus/161462", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4722. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161462);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:4722\");\n\n script_name(english:\"RHEL 8 : subversion:1.14 (RHSA-2022:4722)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4722 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.14': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.4.0+8637+d3bad2c2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-2.module+el8.4.0+9885+61c1c622', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.4.0+8637+d3bad2c2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / python3-subversion / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T18:43:31", "description": "The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4591 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : subversion (ALSA-2022:4591)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-11-17T00:00:00", "cpe": ["p-cpe:/a:alma:linux:mod_dav_svn", "p-cpe:/a:alma:linux:python3-subversion", "p-cpe:/a:alma:linux:subversion", "p-cpe:/a:alma:linux:subversion-devel", "p-cpe:/a:alma:linux:subversion-gnome", "p-cpe:/a:alma:linux:subversion-libs", "p-cpe:/a:alma:linux:subversion-perl", "p-cpe:/a:alma:linux:subversion-tools", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-4591.NASL", "href": "https://www.tenable.com/plugins/nessus/167654", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:4591.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167654);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/17\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"ALSA\", value:\"2022:4591\");\n\n script_name(english:\"AlmaLinux 9 : subversion (ALSA-2022:4591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:4591 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-4591.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mod_dav_svn / python3-subversion / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T08:57:21", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2234 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.10 (RHSA-2022:2234)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-2234.NASL", "href": "https://www.tenable.com/plugins/nessus/161155", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2234. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161155);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:2234\");\n\n script_name(english:\"RHEL 8 : subversion:1.10 (RHSA-2022:2234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:2234 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.10': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.3.0+6671+2675c974', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.3.0+6671+2675c974', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\nif ('1.10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T08:57:53", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2237 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.10 (RHSA-2022:2237)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-2237.NASL", "href": "https://www.tenable.com/plugins/nessus/161161", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2237. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161161);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:2237\");\n\n script_name(english:\"RHEL 8 : subversion:1.10 (RHSA-2022:2237)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:2237 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.10': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\nif ('1.10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T08:56:47", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2234 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : subversion:1.10 (ELSA-2022-2234)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libserf", "p-cpe:/a:oracle:linux:mod_dav_svn", "p-cpe:/a:oracle:linux:subversion", "p-cpe:/a:oracle:linux:subversion-devel", "p-cpe:/a:oracle:linux:subversion-gnome", "p-cpe:/a:oracle:linux:subversion-javahl", "p-cpe:/a:oracle:linux:subversion-libs", "p-cpe:/a:oracle:linux:subversion-perl", "p-cpe:/a:oracle:linux:subversion-tools", "p-cpe:/a:oracle:linux:utf8proc"], "id": "ORACLELINUX_ELSA-2022-2234.NASL", "href": "https://www.tenable.com/plugins/nessus/161380", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-2234.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161380);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-24070\");\n\n script_name(english:\"Oracle Linux 8 : subversion:1.10 (ELSA-2022-2234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-2234 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-2234.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:utf8proc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\nif ('1.10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar appstreams = {\n 'subversion:1.10': [\n {'reference':'libserf-1.3.9-9.module+el8.3.0+7671+a87d5147', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libserf-1.3.9-9.module+el8.3.0+7671+a87d5147', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-5.module+el8.6.0+20670+d864ac37', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-5.module+el8.6.0+20670+d864ac37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.3.0+7671+a87d5147', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.3.0+7671+a87d5147', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T09:02:29", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4591 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 9 : subversion (RHSA-2022:4591)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-09-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_eus:9.0", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:python3-subversion", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools"], "id": "REDHAT-RHSA-2022-4591.NASL", "href": "https://www.tenable.com/plugins/nessus/164844", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4591. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164844);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/22\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:4591\");\n\n script_name(english:\"RHEL 9 : subversion (RHSA-2022:4591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4591 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_9_appstream': [\n 'rhel-9-for-aarch64-appstream-debug-rpms',\n 'rhel-9-for-aarch64-appstream-rpms',\n 'rhel-9-for-aarch64-appstream-source-rpms',\n 'rhel-9-for-s390x-appstream-debug-rpms',\n 'rhel-9-for-s390x-appstream-rpms',\n 'rhel-9-for-s390x-appstream-source-rpms',\n 'rhel-9-for-x86_64-appstream-debug-rpms',\n 'rhel-9-for-x86_64-appstream-rpms',\n 'rhel-9-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_9_baseos': [\n 'rhel-9-for-aarch64-baseos-debug-rpms',\n 'rhel-9-for-aarch64-baseos-rpms',\n 'rhel-9-for-aarch64-baseos-source-rpms',\n 'rhel-9-for-s390x-baseos-debug-rpms',\n 'rhel-9-for-s390x-baseos-rpms',\n 'rhel-9-for-s390x-baseos-source-rpms',\n 'rhel-9-for-x86_64-baseos-debug-rpms',\n 'rhel-9-for-x86_64-baseos-rpms',\n 'rhel-9-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_9_crb': [\n 'codeready-builder-for-rhel-9-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-aarch64-rpms',\n 'codeready-builder-for-rhel-9-aarch64-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-rpms',\n 'codeready-builder-for-rhel-9-s390x-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-rpms',\n 'codeready-builder-for-rhel-9-x86_64-source-rpms'\n ],\n 'enterprise_linux_9_highavailability': [\n 'rhel-9-for-aarch64-highavailability-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-9-for-aarch64-highavailability-rpms',\n 'rhel-9-for-aarch64-highavailability-source-rpms',\n 'rhel-9-for-s390x-highavailability-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms',\n 'rhel-9-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-9-for-s390x-highavailability-eus-rpms',\n 'rhel-9-for-s390x-highavailability-eus-source-rpms',\n 'rhel-9-for-s390x-highavailability-rpms',\n 'rhel-9-for-s390x-highavailability-source-rpms',\n 'rhel-9-for-x86_64-highavailability-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-9-for-x86_64-highavailability-rpms',\n 'rhel-9-for-x86_64-highavailability-source-rpms'\n ],\n 'enterprise_linux_9_nfv': [\n 'rhel-9-for-x86_64-nfv-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms',\n 'rhel-9-for-x86_64-nfv-rpms',\n 'rhel-9-for-x86_64-nfv-source-rpms'\n ],\n 'enterprise_linux_9_realtime': [\n 'rhel-9-for-x86_64-rt-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-rpms',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms',\n 'rhel-9-for-x86_64-rt-rpms',\n 'rhel-9-for-x86_64-rt-source-rpms'\n ],\n 'enterprise_linux_9_resilientstorage': [\n 'rhel-9-for-s390x-resilientstorage-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-rpms',\n 'rhel-9-for-s390x-resilientstorage-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-rpms',\n 'rhel-9-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_9_sap': [\n 'rhel-9-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-rpms',\n 'rhel-9-for-s390x-sap-netweaver-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_9_sap_hana': [\n 'rhel-9-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-rpms',\n 'rhel-9-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_9_supplementary': [\n 'rhel-9-for-aarch64-supplementary-eus-rpms',\n 'rhel-9-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-9-for-aarch64-supplementary-rpms',\n 'rhel-9-for-aarch64-supplementary-source-rpms',\n 'rhel-9-for-s390x-supplementary-eus-rpms',\n 'rhel-9-for-s390x-supplementary-eus-source-rpms',\n 'rhel-9-for-s390x-supplementary-rpms',\n 'rhel-9-for-s390x-supplementary-source-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-9-for-x86_64-supplementary-rpms',\n 'rhel-9-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_e4s_9_0_appstream': [\n 'rhel-9-for-aarch64-appstream-e4s-debug-rpms',\n 'rhel-9-for-aarch64-appstream-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-appstream-e4s-rpms',\n 'rhel-9-for-aarch64-appstream-e4s-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-appstream-e4s-source-rpms',\n 'rhel-9-for-aarch64-appstream-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-e4s-debug-rpms',\n 'rhel-9-for-s390x-appstream-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-e4s-rpms',\n 'rhel-9-for-s390x-appstream-e4s-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-e4s-source-rpms',\n 'rhel-9-for-s390x-appstream-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-9-for-x86_64-appstream-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-e4s-rpms',\n 'rhel-9-for-x86_64-appstream-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-9-for-x86_64-appstream-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_baseos': [\n 'rhel-9-for-aarch64-baseos-e4s-debug-rpms',\n 'rhel-9-for-aarch64-baseos-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-baseos-e4s-rpms',\n 'rhel-9-for-aarch64-baseos-e4s-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-baseos-e4s-source-rpms',\n 'rhel-9-for-aarch64-baseos-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-e4s-debug-rpms',\n 'rhel-9-for-s390x-baseos-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-e4s-rpms',\n 'rhel-9-for-s390x-baseos-e4s-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-e4s-source-rpms',\n 'rhel-9-for-s390x-baseos-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-9-for-x86_64-baseos-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-e4s-rpms',\n 'rhel-9-for-x86_64-baseos-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-9-for-x86_64-baseos-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_highavailability': [\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-e4s-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_nfv': [\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-nfv-e4s-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_realtime': [\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-rt-e4s-rpms',\n 'rhel-9-for-x86_64-rt-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_resilientstorage': [\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms__9_DOT_0',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_sap': [\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms__9_DOT_0',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_e4s_9_0_sap_hana': [\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_appstream': [\n 'rhel-9-for-aarch64-appstream-e4s-debug-rpms',\n 'rhel-9-for-aarch64-appstream-e4s-rpms',\n 'rhel-9-for-aarch64-appstream-e4s-source-rpms',\n 'rhel-9-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-9-for-aarch64-appstream-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-appstream-eus-rpms',\n 'rhel-9-for-aarch64-appstream-eus-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-appstream-eus-source-rpms',\n 'rhel-9-for-aarch64-appstream-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-e4s-debug-rpms',\n 'rhel-9-for-s390x-appstream-e4s-rpms',\n 'rhel-9-for-s390x-appstream-e4s-source-rpms',\n 'rhel-9-for-s390x-appstream-eus-debug-rpms',\n 'rhel-9-for-s390x-appstream-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-eus-rpms',\n 'rhel-9-for-s390x-appstream-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-appstream-eus-source-rpms',\n 'rhel-9-for-s390x-appstream-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-9-for-x86_64-appstream-e4s-rpms',\n 'rhel-9-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-9-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-9-for-x86_64-appstream-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-eus-rpms',\n 'rhel-9-for-x86_64-appstream-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-appstream-eus-source-rpms',\n 'rhel-9-for-x86_64-appstream-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_baseos': [\n 'rhel-9-for-aarch64-baseos-e4s-debug-rpms',\n 'rhel-9-for-aarch64-baseos-e4s-rpms',\n 'rhel-9-for-aarch64-baseos-e4s-source-rpms',\n 'rhel-9-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-9-for-aarch64-baseos-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-baseos-eus-rpms',\n 'rhel-9-for-aarch64-baseos-eus-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-baseos-eus-source-rpms',\n 'rhel-9-for-aarch64-baseos-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-e4s-debug-rpms',\n 'rhel-9-for-s390x-baseos-e4s-rpms',\n 'rhel-9-for-s390x-baseos-e4s-source-rpms',\n 'rhel-9-for-s390x-baseos-eus-debug-rpms',\n 'rhel-9-for-s390x-baseos-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-eus-rpms',\n 'rhel-9-for-s390x-baseos-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-baseos-eus-source-rpms',\n 'rhel-9-for-s390x-baseos-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-9-for-x86_64-baseos-e4s-rpms',\n 'rhel-9-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-9-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-9-for-x86_64-baseos-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-eus-rpms',\n 'rhel-9-for-x86_64-baseos-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-baseos-eus-source-rpms',\n 'rhel-9-for-x86_64-baseos-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_crb': [\n 'codeready-builder-for-rhel-9-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-debug-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-aarch64-eus-source-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-debug-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-s390x-eus-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-9-s390x-eus-source-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-debug-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-rpms__9_DOT_0',\n 'codeready-builder-for-rhel-9-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-9-x86_64-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_highavailability': [\n 'rhel-9-for-aarch64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-rpms',\n 'rhel-9-for-aarch64-highavailability-e4s-source-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-highavailability-eus-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-9-for-aarch64-highavailability-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-e4s-debug-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-rpms',\n 'rhel-9-for-s390x-highavailability-e4s-source-rpms',\n 'rhel-9-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-9-for-s390x-highavailability-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-eus-rpms',\n 'rhel-9-for-s390x-highavailability-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-highavailability-eus-source-rpms',\n 'rhel-9-for-s390x-highavailability-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-rpms',\n 'rhel-9-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-eus-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-9-for-x86_64-highavailability-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_nfv': [\n 'rhel-9-for-x86_64-nfv-e4s-debug-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-rpms',\n 'rhel-9-for-x86_64-nfv-e4s-source-rpms'\n ],\n 'rhel_eus_9_0_realtime': [\n 'rhel-9-for-x86_64-rt-e4s-debug-rpms',\n 'rhel-9-for-x86_64-rt-e4s-rpms',\n 'rhel-9-for-x86_64-rt-e4s-source-rpms'\n ],\n 'rhel_eus_9_0_resilientstorage': [\n 'rhel-9-for-s390x-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-rpms',\n 'rhel-9-for-s390x-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-resilientstorage-eus-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-9-for-s390x-resilientstorage-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-e4s-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-rpms',\n 'rhel-9-for-x86_64-resilientstorage-e4s-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-9-for-x86_64-resilientstorage-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_sap': [\n 'rhel-9-for-s390x-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-rpms',\n 'rhel-9-for-s390x-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-s390x-sap-netweaver-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-netweaver-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_sap_hana': [\n 'rhel-9-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-9-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-debug-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-9-for-x86_64-sap-solutions-eus-source-rpms__9_DOT_0'\n ],\n 'rhel_eus_9_0_supplementary': [\n 'rhel-9-for-aarch64-supplementary-eus-rpms',\n 'rhel-9-for-aarch64-supplementary-eus-rpms__9_DOT_0',\n 'rhel-9-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-9-for-aarch64-supplementary-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-s390x-supplementary-eus-rpms',\n 'rhel-9-for-s390x-supplementary-eus-rpms__9_DOT_0',\n 'rhel-9-for-s390x-supplementary-eus-source-rpms',\n 'rhel-9-for-s390x-supplementary-eus-source-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-supplementary-eus-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-rpms__9_DOT_0',\n 'rhel-9-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-9-for-x86_64-supplementary-eus-source-rpms__9_DOT_0'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_9_appstream', 'enterprise_linux_9_baseos', 'enterprise_linux_9_crb', 'enterprise_linux_9_highavailability', 'enterprise_linux_9_nfv', 'enterprise_linux_9_realtime', 'enterprise_linux_9_resilientstorage', 'enterprise_linux_9_sap', 'enterprise_linux_9_sap_hana', 'enterprise_linux_9_supplementary'],\n 'pkgs': [\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_list': ['rhel_e4s_9_0_appstream', 'rhel_e4s_9_0_baseos', 'rhel_e4s_9_0_highavailability', 'rhel_e4s_9_0_nfv', 'rhel_e4s_9_0_realtime', 'rhel_e4s_9_0_resilientstorage', 'rhel_e4s_9_0_sap', 'rhel_e4s_9_0_sap_hana', 'rhel_eus_9_0_appstream', 'rhel_eus_9_0_baseos', 'rhel_eus_9_0_crb', 'rhel_eus_9_0_highavailability', 'rhel_eus_9_0_nfv', 'rhel_eus_9_0_realtime', 'rhel_eus_9_0_resilientstorage', 'rhel_eus_9_0_sap', 'rhel_eus_9_0_sap_hana', 'rhel_eus_9_0_supplementary'],\n 'pkgs': [\n {'reference':'mod_dav_svn-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-5.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n var enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_list);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mod_dav_svn / python3-subversion / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T04:14:48", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4941 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : subversion:1.14 (ELSA-2022-4941)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-06-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libserf", "p-cpe:/a:oracle:linux:mod_dav_svn", "p-cpe:/a:oracle:linux:python3-subversion", "p-cpe:/a:oracle:linux:subversion", "p-cpe:/a:oracle:linux:subversion-devel", "p-cpe:/a:oracle:linux:subversion-gnome", "p-cpe:/a:oracle:linux:subversion-javahl", "p-cpe:/a:oracle:linux:subversion-libs", "p-cpe:/a:oracle:linux:subversion-perl", "p-cpe:/a:oracle:linux:subversion-tools", "p-cpe:/a:oracle:linux:utf8proc"], "id": "ORACLELINUX_ELSA-2022-4941.NASL", "href": "https://www.tenable.com/plugins/nessus/161973", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-4941.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161973);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/09\");\n\n script_cve_id(\"CVE-2022-24070\");\n\n script_name(english:\"Oracle Linux 8 : subversion:1.14 (ELSA-2022-4941)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-4941 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-4941.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:utf8proc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar appstreams = {\n 'subversion:1.14': [\n {'reference':'libserf-1.3.9-9.module+el8.4.0+20030+2150d1b0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libserf-1.3.9-9.module+el8.4.0+20030+2150d1b0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.1-2.module+el8.6.0+20681+68ff3996', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-2.module+el8.6.0+20681+68ff3996', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.4.0+20030+2150d1b0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.4.0+20030+2150d1b0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / python3-subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:41:40", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2234 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : subversion:1.10 (ALSA-2022:2234)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libserf", "p-cpe:/a:alma:linux:utf8proc", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-2234.NASL", "href": "https://www.tenable.com/plugins/nessus/161369", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:2234.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161369);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"ALSA\", value:\"2022:2234\");\n\n script_name(english:\"AlmaLinux 8 : subversion:1.10 (ALSA-2022:2234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:2234 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-2234.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libserf and / or utf8proc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:utf8proc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar appstreams = {\n 'subversion:1.14': [\n {'reference':'libserf-1.3.9-9.module_el8.4.0+2130+2150d1b0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.4.0+2130+2150d1b0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libserf-1.3.9-9.module_el8.4.0+2271+2150d1b0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.4.0+2271+2150d1b0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / utf8proc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:41:39", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:2234 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "CentOS 8 : subversion:1.10 (CESA-2022:2234)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-05-13T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:libserf", "p-cpe:/a:centos:centos:utf8proc"], "id": "CENTOS8_RHSA-2022-2234.NASL", "href": "https://www.tenable.com/plugins/nessus/161165", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:2234. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161165);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:2234\");\n\n script_name(english:\"CentOS 8 : subversion:1.10 (CESA-2022:2234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:2234 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2234\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libserf and / or utf8proc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:utf8proc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'libserf-1.3.9-9.module_el8.3.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libserf-1.3.9-9.module_el8.3.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.3.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module_el8.3.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / utf8proc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:40:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2236 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.10 (RHSA-2022:2236)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-2236.NASL", "href": "https://www.tenable.com/plugins/nessus/161168", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2236. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161168);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:2236\");\n\n script_name(english:\"RHEL 8 : subversion:1.10 (RHSA-2022:2236)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:2236 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.10': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.2.0+9887+08558108', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.2.0+9887+08558108', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\nif ('1.10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / subversion / subversion-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T16:49:27", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-076 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-076)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod_dav_svn", "p-cpe:/a:amazon:linux:mod_dav_svn-debuginfo", "p-cpe:/a:amazon:linux:python3-subversion", "p-cpe:/a:amazon:linux:python3-subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion", "p-cpe:/a:amazon:linux:subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion-debugsource", "p-cpe:/a:amazon:linux:subversion-devel", "p-cpe:/a:amazon:linux:subversion-devel-debuginfo", "p-cpe:/a:amazon:linux:subversion-gnome", "p-cpe:/a:amazon:linux:subversion-gnome-debuginfo", "p-cpe:/a:amazon:linux:subversion-javahl", "p-cpe:/a:amazon:linux:subversion-libs", "p-cpe:/a:amazon:linux:subversion-libs-debuginfo", "p-cpe:/a:amazon:linux:subversion-perl", "p-cpe:/a:amazon:linux:subversion-perl-debuginfo", "p-cpe:/a:amazon:linux:subversion-ruby", "p-cpe:/a:amazon:linux:subversion-ruby-debuginfo", "p-cpe:/a:amazon:linux:subversion-tools", "p-cpe:/a:amazon:linux:subversion-tools-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-076.NASL", "href": "https://www.tenable.com/plugins/nessus/164735", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-076.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164735);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\"CVE-2022-24070\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-076 advisory.\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-076.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24070.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220518 subversion' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_dav_svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'mod_dav_svn-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.2-1.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-ruby-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_dav_svn / mod_dav_svn-debuginfo / python3-subversion / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T20:51:52", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4941 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "RHEL 8 : subversion:1.14 (RHSA-2022:4941)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libserf", "p-cpe:/a:redhat:enterprise_linux:mod_dav_svn", "p-cpe:/a:redhat:enterprise_linux:python3-subversion", "p-cpe:/a:redhat:enterprise_linux:subversion", "p-cpe:/a:redhat:enterprise_linux:subversion-devel", "p-cpe:/a:redhat:enterprise_linux:subversion-gnome", "p-cpe:/a:redhat:enterprise_linux:subversion-javahl", "p-cpe:/a:redhat:enterprise_linux:subversion-libs", "p-cpe:/a:redhat:enterprise_linux:subversion-perl", "p-cpe:/a:redhat:enterprise_linux:subversion-tools", "p-cpe:/a:redhat:enterprise_linux:utf8proc"], "id": "REDHAT-RHSA-2022-4941.NASL", "href": "https://www.tenable.com/plugins/nessus/161963", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4941. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161963);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-24070\");\n script_xref(name:\"RHSA\", value:\"2022:4941\");\n\n script_name(english:\"RHEL 8 : subversion:1.14 (RHSA-2022:4941)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4941 advisory.\n\n - subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24070\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libserf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:utf8proc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'subversion:1.14': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.4.0+8637+d3bad2c2', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-2.module+el8.6.0+15201+2f551d15', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.4.0+8637+d3bad2c2', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libserf-1.3.9-9.module+el8.4.0+8637+d3bad2c2', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_dav_svn-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-gnome-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.1-2.module+el8.6.0+15201+2f551d15', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'utf8proc-2.1.1-5.module+el8.4.0+8637+d3bad2c2', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/subversion');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module subversion:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module subversion:1.14');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libserf / mod_dav_svn / python3-subversion / subversion / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-10T19:25:43", "description": "The version of Safari installed on the remote host is prior to 15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213341 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "nessus", "title": "Safari < 15.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-20T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "701415.PASL", "href": "https://www.tenable.com/plugins/nnm/701415", "sourceData": "Binary data 701415.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-07-21T11:59:02", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEglTR0Ii9L3qtSuDJKc1Sna--9qt_00acsxU4IoPSOvvnV9AYpsHDRBRuGpUvXEBKFk3zIyrtzTLJZui-ibEM8KY0xP5ftNR1W9UV-5y_qDt8tUtfZeiowl-DxjAAUazrSAmy2M-ipK_aDRHBpBeVjyw-V_72rcorKKsv7-bUNu1v3jj5_Rc8TdoRDD/s728-e100/apple.jpg>)\n\nApple on Wednesday rolled out [software fixes](<https://support.apple.com/en-us/HT201222>) for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.\n\nThis includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).\n\nChief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google [disclosed](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi0IORPLATc7sBagS3j2MEfWbfaT564we0HCpQxKyGV5ddTyfN4EXrPRxHhD1MbXvlGLR4KbmQXcsP9XTezTnpdH7V37ZhUsQLaJveId9m4lGa2trimp13A0tDRcJk51jkg7-Q70-Pnmv_4unts53n3uIo15x3DSOurm_ITR2KTT-jYyIgfeas62tSe/s728-e100/apple.jpg>)\n\nBesides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).\n\nAlso patched is a [Pointer Authentication](<https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html>) bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).\n\nWhat's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.\n\nUsers of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for older generation Macs), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T06:40:00", "type": "thn", "title": "Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-32785", "CVE-2022-32792", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32826", "CVE-2022-32829", "CVE-2022-32840", "CVE-2022-32844"], "modified": "2022-07-21T11:31:25", "id": "THN:80C4CCCAB293DD273948D1317EAC8B73", "href": "https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-03T09:59:40", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. \n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2022-08-20T10:22:24", "description": "The updated packages fix security vulnerabilities and other issues. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T10:04:13", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-20T10:04:13", "id": "MGASA-2022-0287", "href": "https://advisories.mageia.org/MGASA-2022-0287.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-20T19:19:38", "description": "SVN authz protected copyfrom paths regression. (CVE-2021-28544) Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T16:06:19", "type": "mageia", "title": "Updated subversion packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-13T16:06:19", "id": "MGASA-2022-0140", "href": "https://advisories.mageia.org/MGASA-2022-0140.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:09:39", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript \nengines. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-15T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-15T00:00:00", "id": "USN-5568-1", "href": "https://ubuntu.com/security/notices/USN-5568-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T15:14:15", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * subversion \\- Advanced version control system\n\nEvgeny Kotkov discovered that Subversion servers did not properly follow \npath-based authorization rules in certain cases. An attacker could \npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\u00dfschuh discovered that Subversion servers did not properly handle \nmemory in certain configurations. A remote attacker could potentially use \nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "ubuntu", "title": "Subversion vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-12T00:00:00", "id": "USN-5372-1", "href": "https://ubuntu.com/security/notices/USN-5372-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:12:41", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n\n## Packages\n\n * subversion \\- Advanced version control system\n\nEvgeny Kotkov discovered that subversion servers did not properly follow \npath-based authorization rules in certain cases. An attacker could \npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\u00dfschuh discovered that subversion servers did not properly handle \nmemory in certain configurations. A remote attacker could potentially use \nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n", "cvss3": {"exploitabilityScore"