DATABASE RESOURCES PRICING ABOUT US

{"id": "RHSA-2023:0408", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2023:0408) Important: OpenShift Virtualization 4.12.0 Images security update", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", "published": "2023-01-24T13:18:25", "modified": "2023-01-24T13:18:39", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2023:0408", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1798", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24795", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28131", "CVE-2022-29526", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-3787", "CVE-2022-40674", "CVE-2022-42898"], "immutableFields": [], "lastseen": "2023-01-24T15:07:31", "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY36.ASC", "PYTHON_ADVISORY2.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2021:5160", "ALSA-2022:0001", "ALSA-2022:1764", "ALSA-2022:1819", "ALSA-2022:1821", "ALSA-2022:5775", "ALSA-2022:5809", "ALSA-2022:5813", "ALSA-2022:5818", "ALSA-2022:6159", "ALSA-2022:6457", "ALSA-2022:6463", "ALSA-2022:6878", "ALSA-2022:7023", "ALSA-2022:7024", "ALSA-2022:7089", "ALSA-2022:7105", "ALSA-2022:7106", "ALSA-2022:7108", "ALSA-2022:7129", "ALSA-2022:7514", "ALSA-2022:7519", "ALSA-2022:7524", "ALSA-2022:7529", "ALSA-2022:7581", "ALSA-2022:7592", "ALSA-2022:7593", "ALSA-2022:7622", "ALSA-2022:7633", "ALSA-2022:7648", "ALSA-2022:7700", "ALSA-2022:7704", "ALSA-2022:7715", "ALSA-2022:7720", "ALSA-2022:7745", "ALSA-2022:7793", "ALSA-2022:7928", "ALSA-2022:8638"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2016-3709", "ALPINE:CVE-2022-1304", "ALPINE:CVE-2022-1586", "ALPINE:CVE-2022-1785", "ALPINE:CVE-2022-1927", "ALPINE:CVE-2022-2068", "ALPINE:CVE-2022-23772", "ALPINE:CVE-2022-23773", "ALPINE:CVE-2022-23806", "ALPINE:CVE-2022-25308", "ALPINE:CVE-2022-25309", "ALPINE:CVE-2022-25310", "ALPINE:CVE-2022-27405", "ALPINE:CVE-2022-27406", "ALPINE:CVE-2022-29526", "ALPINE:CVE-2022-30698", "ALPINE:CVE-2022-30699"]}, {"type": "altlinux", "idList": ["6E23DDCC163A0AA26B171D799284A657", "7B9D23959DFAFEBE8DABE5654510B790", "CCFE1C43CB1C1CB5D4AAB95CC66DB8E3", "FEBB327D54BEB4D7815863E2E1629573"]}, {"type": "amazon", "idList": ["ALAS-2022-1583", "ALAS-2022-1593", "ALAS-2022-1605", "ALAS-2022-1626", "ALAS-2022-1628", "ALAS-2022-1630", "ALAS-2022-1635", "ALAS-2022-1646", "ALAS-2022-1649", "ALAS-2022-1650", "ALAS-2022-1654", "ALAS2-2022-1776", "ALAS2-2022-1801", "ALAS2-2022-1802", "ALAS2-2022-1811", "ALAS2-2022-1815", "ALAS2-2022-1829", "ALAS2-2022-1830", "ALAS2-2022-1831", "ALAS2-2022-1832", "ALAS2-2022-1834", "ALAS2-2022-1846", "ALAS2-2022-1847", "ALAS2-2022-1849", "ALAS2-2022-1858", "ALAS2-2022-1859", "ALAS2-2022-1860", "ALAS2-2022-1861", "ALAS2-2022-1862", "ALAS2-2022-1863", "ALAS2-2022-1864", "ALAS2-2022-1865", "ALAS2-2022-1871", "ALAS2-2022-1875", "ALAS2-2022-1877", "ALAS2-2022-1884", "ALAS2-2022-1890", "ALAS2-2022-1900", "ALAS2-2023-1909", "ALAS2-2023-1915"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-08-01", "ANDROID:2021-01-01"]}, {"type": "apple", "idList": ["APPLE:0D23664345B6256D45D541285C4AEB4A", "APPLE:138DC64ECE1F07104C6EF7D22CA29AAF", "APPLE:38D159D6E779C73F1BC2E5DC6FAE972E", "APPLE:59071849DAC93F4A4CD86E07F03ADC09", "APPLE:63081AE5B69AA7BDB8335C6FB30CCAE2", "APPLE:763953DA9C76BCBD7B40C9C0E79E790C", "APPLE:7B2A8260D5303E5AD7A0AA8B7EB620F1", "APPLE:7EEA575A8CC6E987A9540E9F4D3D8C7F", "APPLE:83030F066E0A42EFBEAECA054548F487", "APPLE:8BB162E4A512616135B4203D7F1AA9CD", "APPLE:9107D4B4EE91B3991ECFADF74C6E6782", "APPLE:A07531C05C19836B4B65E06C7D7BB300", "APPLE:A95E7412240FFF6EACC98CE0311A5EE5", "APPLE:ABB9418710E096AFBBD70F254214F920", "APPLE:AC60691C5D8EDC71360E706D7836B71F", "APPLE:B1225C474BECEE3D119CD5BC562422D7", "APPLE:C3C11978B39895CE213B101070C72A90", "APPLE:C9EF751487C406A634B9CBD013ECD410", "APPLE:DCF97E625A2F1F327AB03D7CEBDBE265", "APPLE:E82A2A3D978FD519CBF58A36F587B070", "APPLE:EDE954643057FF821E196BB6445A667D"]}, {"type": "archlinux", "idList": ["ASA-202101-34"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:6834", "CESA-2022:7088", "CESA-2022:8640"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0807"]}, {"type": "cisa", "idList": ["CISA:E60365960CD2222D89AE4C45E46E9329"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:021E06997683B74BFB351B722EBA5743", "CFOUNDRY:162CC69D9D5B1B651657DF96E1B2F94C", "CFOUNDRY:1DB7C3721934B4F8EB1C79B42276805A", "CFOUNDRY:1F1DB4BEF56C7D15A4CC564597DE6378", "CFOUNDRY:1F5D3929DF559E968A272106B5A4B189", "CFOUNDRY:39FCFFF4B9885D0CC651AE4808F71562", "CFOUNDRY:53EBE65327AAC8B256B0E7BCA6AA6D53", "CFOUNDRY:68DB352BB3A7497261ADED4880186E21", "CFOUNDRY:8774A48FBB9369B699A01213D7A7BAA3", "CFOUNDRY:972AB0859F9482FEA8604E3B0CA1F23D", "CFOUNDRY:A320785EC9AD6D2D42132DE1AC17C47A", "CFOUNDRY:A503FA286C679D2750CA809DA1ED8541", "CFOUNDRY:B976FF7E95329810C356FAFA31D8F66D", "CFOUNDRY:BEDA181C96F4EB3A1F5F01FFAC8C80CF", "CFOUNDRY:C337BB86372CA047F7A2B7D5FEA42278", "CFOUNDRY:C5C459E2B36E09ABB446A1098762E52E", "CFOUNDRY:D797EF414D00AC49DF633C8127E231E1", "CFOUNDRY:DF0C266C2BCF2503074FBFBC3894B738", "CFOUNDRY:F2B746A869BB5534012F51CB8C7E051A"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1646665957", "CLSA-2022:1654529495", "CLSA-2022:1655320860", "CLSA-2022:1657817606", "CLSA-2022:1660762053", "CLSA-2022:1661442999", "CLSA-2022:1664193203", "CLSA-2022:1665428177", "CLSA-2022:1670874451"]}, {"type": "cnvd", "idList": ["CNVD-2022-20541", "CNVD-2022-36047", "CNVD-2022-62228", "CNVD-2022-62229"]}, {"type": "cve", "idList": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1798", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24795", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28131", "CVE-2022-29526", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-42898"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2549-1:0C478", "DEBIAN:DLA-2549-1:B0A05", "DEBIAN:DLA-2891-1:8649E", "DEBIAN:DLA-2892-1:1F462", "DEBIAN:DLA-2974-1:8BA6D", "DEBIAN:DLA-2985-1:0C7A2", "DEBIAN:DLA-2986-1:6E1E6", "DEBIAN:DLA-3008-1:E2717", "DEBIAN:DLA-3070-1:74775", "DEBIAN:DLA-3085-1:091D8", "DEBIAN:DLA-3103-1:BAE5B", "DEBIAN:DLA-3107-1:162A4", "DEBIAN:DLA-3119-1:2B830", "DEBIAN:DLA-3153-1:0A68A", "DEBIAN:DLA-3204-1:C26DB", "DEBIAN:DLA-3206-1:5481E", "DEBIAN:DLA-3213-1:8531C", "DEBIAN:DSA-5115-1:F47D3", "DEBIAN:DSA-5116-1:18CCB", "DEBIAN:DSA-5139-1:0E208", "DEBIAN:DSA-5154-1:97DF0", "DEBIAN:DSA-5155-1:3DDFA", "DEBIAN:DSA-5169-1:87483", "DEBIAN:DSA-5174-1:32717", "DEBIAN:DSA-5182-1:8F837", "DEBIAN:DSA-5183-1:21CAB", "DEBIAN:DSA-5197-1:EFC47", "DEBIAN:DSA-5203-1:322BF", "DEBIAN:DSA-5218-1:E4A51", "DEBIAN:DSA-5236-1:36B8F", "DEBIAN:DSA-5255-1:CE251", "DEBIAN:DSA-5286-1:A9AA6", "DEBIAN:DSA-5287-1:12BD4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-20107", "DEBIANCVE:CVE-2016-3709", "DEBIANCVE:CVE-2020-0256", "DEBIANCVE:CVE-2020-35525", "DEBIANCVE:CVE-2020-35527", "DEBIANCVE:CVE-2021-0308", "DEBIANCVE:CVE-2021-38561", "DEBIANCVE:CVE-2021-44716", "DEBIANCVE:CVE-2021-44717", "DEBIANCVE:CVE-2022-0391", "DEBIANCVE:CVE-2022-0934", "DEBIANCVE:CVE-2022-1292", "DEBIANCVE:CVE-2022-1304", "DEBIANCVE:CVE-2022-1586", "DEBIANCVE:CVE-2022-1705", "DEBIANCVE:CVE-2022-1785", "DEBIANCVE:CVE-2022-1897", "DEBIANCVE:CVE-2022-1927", "DEBIANCVE:CVE-2022-1962", "DEBIANCVE:CVE-2022-2068", "DEBIANCVE:CVE-2022-2097", "DEBIANCVE:CVE-2022-22624", "DEBIANCVE:CVE-2022-22628", "DEBIANCVE:CVE-2022-22629", "DEBIANCVE:CVE-2022-22662", "DEBIANCVE:CVE-2022-23772", "DEBIANCVE:CVE-2022-23773", "DEBIANCVE:CVE-2022-23806", "DEBIANCVE:CVE-2022-24795", "DEBIANCVE:CVE-2022-2509", "DEBIANCVE:CVE-2022-25308", "DEBIANCVE:CVE-2022-25309", "DEBIANCVE:CVE-2022-25310", "DEBIANCVE:CVE-2022-26700", "DEBIANCVE:CVE-2022-26709", "DEBIANCVE:CVE-2022-26710", "DEBIANCVE:CVE-2022-26716", "DEBIANCVE:CVE-2022-26717", "DEBIANCVE:CVE-2022-26719", "DEBIANCVE:CVE-2022-27404", "DEBIANCVE:CVE-2022-27405", "DEBIANCVE:CVE-2022-27406", "DEBIANCVE:CVE-2022-28131", "DEBIANCVE:CVE-2022-29526", "DEBIANCVE:CVE-2022-30293", "DEBIANCVE:CVE-2022-30629", "DEBIANCVE:CVE-2022-30630", "DEBIANCVE:CVE-2022-30631", "DEBIANCVE:CVE-2022-30632", "DEBIANCVE:CVE-2022-30633", "DEBIANCVE:CVE-2022-30635", "DEBIANCVE:CVE-2022-30698", "DEBIANCVE:CVE-2022-30699", "DEBIANCVE:CVE-2022-32148", "DEBIANCVE:CVE-2022-32206", "DEBIANCVE:CVE-2022-32208", "DEBIANCVE:CVE-2022-34903", "DEBIANCVE:CVE-2022-3515", "DEBIANCVE:CVE-2022-37434", "DEBIANCVE:CVE-2022-40674", "DEBIANCVE:CVE-2022-42898"]}, {"type": "f5", "idList": ["F5:K21600298", "F5:K23605974", "F5:K44454157", "F5:K62444703", "F5:K67213091", "F5:K83430580"]}, {"type": "fedora", "idList": ["FEDORA:0031930683FA", "FEDORA:0036B307251B", "FEDORA:0049730680FF", "FEDORA:0095630B00AD", "FEDORA:0095F30BF557", "FEDORA:00E3C30BF6B2", "FEDORA:0113E30687AB", "FEDORA:01A1130BF696", "FEDORA:025C230BF689", "FEDORA:02B93304938D", "FEDORA:03233304C3D1", "FEDORA:0365E30680FF", "FEDORA:038CF304C819", "FEDORA:03B0F3072535", "FEDORA:0456530BF8CC", "FEDORA:0464A30683FA", "FEDORA:054B6319A8F6", "FEDORA:057DA30ACC3C", "FEDORA:066AE30683FA", "FEDORA:067D330BF8D6", "FEDORA:06AB430569DF", "FEDORA:06D213048A2B", "FEDORA:06FE93048A0A", "FEDORA:0701230BF696", "FEDORA:077C53057960", "FEDORA:07B5E304C819", "FEDORA:07D9E30BF566", "FEDORA:07FDE30BF685", "FEDORA:08C493072535", "FEDORA:094A3304C3D1", "FEDORA:09F17304C3D1", "FEDORA:0A0E330BF57F", "FEDORA:0A9C130687AB", "FEDORA:0A9C530BF544", "FEDORA:0AA9E304C5FE", "FEDORA:0ACD4307459D", "FEDORA:0B0A3304C3D1", "FEDORA:0B14530683FA", "FEDORA:0B727304C3D1", "FEDORA:0B93830BF681", "FEDORA:0BE0F30BF544", "FEDORA:0BE2330BF685", "FEDORA:0BFBC30BF557", "FEDORA:0CA2730687AB", "FEDORA:0D2963072EAA", "FEDORA:0DA11307253A", "FEDORA:0DBC330B86F8", "FEDORA:0DD59304938D", "FEDORA:0E04730BF54A", "FEDORA:0E68B30683FA", "FEDORA:0E70530683FA", "FEDORA:0EB7C30BF689", "FEDORA:0EF3630680FF", "FEDORA:0EFD530BF689", "FEDORA:0F78C304C819", "FEDORA:0F9ED304938D", "FEDORA:0FA3130A5965", "FEDORA:0FFD13072534", "FEDORA:1018230A5965", "FEDORA:10C9C304938D", "FEDORA:11D9F3204590", "FEDORA:1255530BF54A", "FEDORA:12EEE30BF557", "FEDORA:12EF53035617", "FEDORA:131F230BF557", "FEDORA:13B4F30BF566", "FEDORA:13C5C30BF556", "FEDORA:14008304938D", "FEDORA:1413430BF57F", "FEDORA:142DF30B00AD", "FEDORA:14356304C3D1", "FEDORA:14A363058522", "FEDORA:14DC630BF557", "FEDORA:15000304C5FE", "FEDORA:150DF30BC732", "FEDORA:15B2130AA454", "FEDORA:16E4B3068B7E", "FEDORA:16F8A30BF8DA", "FEDORA:175AB30D4C0F", "FEDORA:188FF30BF57F", "FEDORA:18E6630BF681", "FEDORA:1930C304C5FE", "FEDORA:19609304C5FE", "FEDORA:1962330D4C0F", "FEDORA:19CE730C9D9A", "FEDORA:1A51630BF54A", "FEDORA:1A69030680FF", "FEDORA:1A75B3072512", "FEDORA:1A9AA3072536", "FEDORA:1B34430687AB", "FEDORA:1B90A304C819", "FEDORA:1BA3D304938D", "FEDORA:1C6A8304C819", "FEDORA:1C84C304C3D1", "FEDORA:1CC0430A5965", "FEDORA:1D03330BF68E", "FEDORA:1D03C30BF557", "FEDORA:1D6AA304C819", "FEDORA:1D7EB30BF6B2", "FEDORA:1DF6730BF696", "FEDORA:1E1B530BF557", "FEDORA:1E77E30BF8C1", "FEDORA:1E94A30BF568", "FEDORA:1E9BC304C3D1", "FEDORA:1EB9730BF696", "FEDORA:1EF273138DA9", "FEDORA:1EFCA30683FA", "FEDORA:1F82E30BF544", "FEDORA:1F83730C3DF7", "FEDORA:1FD283052DF1", "FEDORA:20551304C5FE", "FEDORA:2145730A5965", "FEDORA:217FE302CDB3", "FEDORA:2181A30BF544", "FEDORA:2185E3072536", "FEDORA:223CF30691E0", "FEDORA:226A330680FF", "FEDORA:22B89304938D", "FEDORA:22BA43098B92", "FEDORA:22FCF3068B43", "FEDORA:22FEA304C819", "FEDORA:23A073052F02", "FEDORA:2411730BF6B4", "FEDORA:242003072512", "FEDORA:244A330680FF", "FEDORA:2465430BF568", "FEDORA:24E03304C5FE", "FEDORA:24E37304C3D1", "FEDORA:257DE30BF557", "FEDORA:2597E30BF683", "FEDORA:25B4F30BF557", "FEDORA:25D73304938D", "FEDORA:25EEA30B4272", "FEDORA:26412307250A", "FEDORA:264B930A5965", "FEDORA:2660730BF566", "FEDORA:267AF304C819", "FEDORA:272813047E25", "FEDORA:2734530687AB", "FEDORA:273B03046B35", "FEDORA:274EE30683FA", "FEDORA:27D81304938D", "FEDORA:2811B3058385", "FEDORA:2950F30BF57F", "FEDORA:29DC130BF54A", "FEDORA:2A1263071E4B", "FEDORA:2A14E30A5965", "FEDORA:2A2A730BF557", "FEDORA:2A61830571BA", "FEDORA:2A7A530BF689", "FEDORA:2A9CE304C3D1", "FEDORA:2AC54305796B", "FEDORA:2B43E30BF681", "FEDORA:2BFB0302A923", "FEDORA:2C24930BF6BB", "FEDORA:2C57A304C819", "FEDORA:2CA0F304C819", "FEDORA:2CF81304C819", "FEDORA:2D2C43104B07", "FEDORA:2E1EF304C3D1", "FEDORA:2E34930CAEEA", "FEDORA:2E3DD30BF57F", "FEDORA:2F5243106618", "FEDORA:2FB5430BF566", "FEDORA:301FF30BF685", "FEDORA:30225302A9C5", "FEDORA:30F6430BF694", "FEDORA:30FB8307251B", "FEDORA:3105130680FF", "FEDORA:3217A30BF557", "FEDORA:321AE304C819", "FEDORA:321B7307250A", "FEDORA:3271630A5965", "FEDORA:327F930683FA", "FEDORA:32DDB30BF8EF", "FEDORA:32DF93065945", "FEDORA:33286306DFC8", "FEDORA:3334830BF690", "FEDORA:333FF30A5965", "FEDORA:33937304C819", "FEDORA:33A2A3047E25", "FEDORA:34ABD304E613", "FEDORA:34E3A30B00AD", "FEDORA:3513B304C5FE", "FEDORA:3550F30680FF", "FEDORA:3573430B00AD", "FEDORA:35871304938D", "FEDORA:35ACC30683F6", "FEDORA:3641430569C5", "FEDORA:364FF304C819", "FEDORA:36DAD30B13E3", "FEDORA:36E04304C5FE", "FEDORA:375BA30BF8CF", "FEDORA:382AE3047E25", "FEDORA:38F783045B40", "FEDORA:391F030BF544", "FEDORA:3980C30A5965", "FEDORA:39F8F306B9A0", "FEDORA:3A1AD304E4FF", "FEDORA:3A2D6304938D", "FEDORA:3A48D304C819", "FEDORA:3AD54304C3D1", "FEDORA:3AF12307252D", "FEDORA:3B98230BF544", "FEDORA:3BCDE30BF681", "FEDORA:3C5A23072512", "FEDORA:3C8A0304C5FE", "FEDORA:3C9C330BF6BC", "FEDORA:3CDD130A5965", "FEDORA:3CE6930BF69D", "FEDORA:3D47D304C819", "FEDORA:3E3933068B68", "FEDORA:3E5D6304C819", "FEDORA:3E601306B9A0", "FEDORA:3EC36304938D", "FEDORA:3ECA930BAE11", "FEDORA:3EED430ACC3C", "FEDORA:3F0E3304C3E6", "FEDORA:3F18D30683FA", "FEDORA:3F1AD30ACC3C", "FEDORA:3F4F230687AB", "FEDORA:3F733304938D", "FEDORA:3F87430683FA", "FEDORA:3FFC6304C819", "FEDORA:40905316CFAE", "FEDORA:40D35304C819", "FEDORA:4149D30BC732", "FEDORA:4161A30BF6BC", "FEDORA:4168B30D4C0F", "FEDORA:4179F30BF8C5", "FEDORA:41BB73134122", "FEDORA:41BE130BF57F", "FEDORA:4318F3104B2B", "FEDORA:4368830BF566", "FEDORA:440E230BF6AE", "FEDORA:4426B304C819", "FEDORA:449BA30BF8C0", "FEDORA:44DFF30B00AD", "FEDORA:44E3930BF557", "FEDORA:44F01304C5FE", "FEDORA:4534E304C5FE", "FEDORA:4539B310662E", "FEDORA:453D530A5965", "FEDORA:4576E30BF6A0", "FEDORA:45A24310662E", "FEDORA:461F8304938D", "FEDORA:463D5304C5FE", "FEDORA:46730304CB8A", "FEDORA:46F1F307250A", "FEDORA:471F330BF557", "FEDORA:4760B307252D", "FEDORA:4791430BF681", "FEDORA:4794930BF6A3", "FEDORA:47D5F30BF557", "FEDORA:4863A30BD3E6", "FEDORA:4881F30BF689", "FEDORA:48A67307251B", "FEDORA:490003104B07", "FEDORA:494A9304C819", "FEDORA:496453057960", "FEDORA:4A0693052DA2", "FEDORA:4A3B8304C3D1", "FEDORA:4AD2C304C3D1", "FEDORA:4B13E3035611", "FEDORA:4B70130BF54A", "FEDORA:4BA6430BF6BB", "FEDORA:4BF71304C3D1", "FEDORA:4C88C306879D", "FEDORA:4D009304C3D1", "FEDORA:4D9A8304C819", "FEDORA:4D9D1304938D", "FEDORA:4DA2B30BF6BC", "FEDORA:4E058304938D", "FEDORA:4E0BB30A5965", "FEDORA:4E12A30BF557", "FEDORA:4E8273052E96", "FEDORA:4EC8130680FF", "FEDORA:4F3DF30509EA", "FEDORA:4F68930BF574", "FEDORA:4F6A3306F2C2", "FEDORA:4FE0E307F425", "FEDORA:50926304938D", "FEDORA:50FE2304938D", "FEDORA:5116130BF8CC", "FEDORA:517D430BF694", "FEDORA:51CF4307251B", "FEDORA:51F9230B00AD", "FEDORA:525B7304938D", "FEDORA:5284430BF54A", "FEDORA:52A2A30683FA", "FEDORA:52D573072535", "FEDORA:52E333057969", "FEDORA:52EC830680FF", "FEDORA:5318E30BF54A", "FEDORA:53FA330BF691", "FEDORA:5503230BF6A3", "FEDORA:5565B304938D", "FEDORA:5597430B00AD", "FEDORA:56DFD304C3D1", "FEDORA:56E5F30BF566", "FEDORA:57259304C3D1", "FEDORA:575193047E25", "FEDORA:57F4F30ACC3C", "FEDORA:581A8304C819", "FEDORA:58B38304C5FE", "FEDORA:58B81304C5FE", "FEDORA:58C09304C5FE", "FEDORA:58E4330A5965", "FEDORA:58EB530A5965", "FEDORA:5909E304C5FE", "FEDORA:591D3304C557", "FEDORA:595843065945", "FEDORA:595C8304938D", "FEDORA:5A559306A58E", "FEDORA:5A5A5301DAE2", "FEDORA:5B045310662F", "FEDORA:5BF2E30BF699", "FEDORA:5D08B304C5FE", "FEDORA:5D522304C3D1", "FEDORA:5D57430A5965", "FEDORA:5D6473104B07", "FEDORA:5D70A304C819", "FEDORA:5E40530BF8C5", "FEDORA:5E5193072534", "FEDORA:5E6E7304C3D1", "FEDORA:5E763304C819", "FEDORA:5EE3030493B4", "FEDORA:5F11D3104B2B", "FEDORA:5F9893072535", "FEDORA:60914304C5FE", "FEDORA:6106B30BF544", "FEDORA:6169E304C5FE", "FEDORA:6197630BF8D7", "FEDORA:6268530BF8C6", "FEDORA:62929304C5FE", "FEDORA:62D7B30BF6AE", "FEDORA:62ECD30BF568", "FEDORA:6304330687AB", "FEDORA:6346A307250A", "FEDORA:6450E30683FA", "FEDORA:648D630BF544", "FEDORA:64DE930BF6BB", "FEDORA:6502F30BF6BB", "FEDORA:6561B304C3D1", "FEDORA:6581530683FA", "FEDORA:658F030BF6BC", "FEDORA:65B0C304938D", "FEDORA:6621530680FF", "FEDORA:665F13047E2B", "FEDORA:6682330BF8C1", "FEDORA:67B0730BF683", "FEDORA:67C9830B00AD", "FEDORA:680DF30B00AD", "FEDORA:689003072535", "FEDORA:68C8730BF557", "FEDORA:695A8304C819", "FEDORA:69C2430BF689", "FEDORA:6A16C30683FA", "FEDORA:6A1BF30A5965", "FEDORA:6A2FD30BF557", "FEDORA:6A31A30680FF", "FEDORA:6A4643072536", "FEDORA:6A710304C3D1", "FEDORA:6A7E230BF694", "FEDORA:6B3C630680FF", "FEDORA:6B462304C3D1", "FEDORA:6BC2230BF8C4", "FEDORA:6D997311CECF", "FEDORA:6DF23304C819", "FEDORA:6DFC530BF54A", "FEDORA:6E22430B00AD", "FEDORA:6E6F530BF54A", "FEDORA:6EF5D304C5FE", "FEDORA:6F744304C5FE", "FEDORA:6FFC0304C3D1", "FEDORA:703E130680FF", "FEDORA:7066930BF689", "FEDORA:7113D304C819", "FEDORA:7185A30BF57F", "FEDORA:71C29304C3D1", "FEDORA:72011309D3ED", "FEDORA:7276A304C6BF", "FEDORA:72B64305719C", "FEDORA:72B9A30683FA", "FEDORA:72FE13106617", "FEDORA:7300D30BF694", "FEDORA:7347130B680C", "FEDORA:735DA306DFE6", "FEDORA:73A6A30BF696", "FEDORA:73AE030BF681", "FEDORA:74F503106617", "FEDORA:7540E304938C", "FEDORA:755AF3072537", "FEDORA:75BF530BF544", "FEDORA:75C0530BF54A", "FEDORA:75C4D30BF556", "FEDORA:75CA430BF557", "FEDORA:75FCC307253A", "FEDORA:764AD30680FF", "FEDORA:765BB3067778", "FEDORA:778543048A0A", "FEDORA:77AE2304C5FE", "FEDORA:77C64304C3D1", "FEDORA:7821E30BF566", "FEDORA:789BB30687B9", "FEDORA:78B8130BF57F", "FEDORA:78FD0306B9A0", "FEDORA:7902030B00AD", "FEDORA:79077304938D", "FEDORA:7909A30BF681", "FEDORA:7963330680FF", "FEDORA:7965B30BF6BC", "FEDORA:796E9306B992", "FEDORA:79FAA30A5965", "FEDORA:7A1993072512", "FEDORA:7A79330BF544", "FEDORA:7AD7B30BF557", "FEDORA:7AE5E30BF557", "FEDORA:7B214304C3D1", "FEDORA:7B40630BF699", "FEDORA:7B6A030680FF", "FEDORA:7C23730687AB", "FEDORA:7C6C330BF688", "FEDORA:7CD3B30B00AD", "FEDORA:7D19B304C819", "FEDORA:7D262307250A", "FEDORA:7D9DB30528F7", "FEDORA:7DCCE30BF6AE", "FEDORA:7DD3E30BF571", "FEDORA:7DE9D30BF6AE", "FEDORA:7E16A304938D", "FEDORA:7E170304C819", "FEDORA:7E17D30683FA", "FEDORA:7E6D230B00AD", "FEDORA:7EA5F30BF6BC", "FEDORA:7EAFA309A18F", "FEDORA:7EDB9304C819", "FEDORA:7F17F307250A", "FEDORA:807CF30A5965", "FEDORA:80F2A3072534", "FEDORA:8165430A5965", "FEDORA:81DA230BF8DB", "FEDORA:820B3304C5FE", "FEDORA:82A1830687AB", "FEDORA:82A4F304C5FE", "FEDORA:82B7330B00AD", "FEDORA:8312630680FF", "FEDORA:8313C304C5FE", "FEDORA:8363F30A5965", "FEDORA:837D2306B9A0", "FEDORA:8382F304CB81", "FEDORA:83B40304C819", "FEDORA:8457730683FA", "FEDORA:854A530BF57F", "FEDORA:854AF30BF54A", "FEDORA:85C98304C5FE", "FEDORA:86D9C304938D", "FEDORA:8730C3047E25", "FEDORA:8765C3106618", "FEDORA:87C9630450DD", "FEDORA:87EC530BF557", "FEDORA:881FF3046B35", "FEDORA:8882E30B00AD", "FEDORA:8885830A5965", "FEDORA:88FA53106618", "FEDORA:891A4304C3D1", "FEDORA:89A21304C3D1", "FEDORA:89A99304938D", "FEDORA:8A35330BF566", "FEDORA:8AB3330BF544", "FEDORA:8AC763106618", "FEDORA:8B042304938D", "FEDORA:8B768304C3D1", "FEDORA:8BB7130BF685", "FEDORA:8BDE3307253A", "FEDORA:8C00E30A5965", "FEDORA:8C6C030A5965", "FEDORA:8CA4030BF54A", "FEDORA:8CC673072534", "FEDORA:8D31D30B00AD", "FEDORA:8D9A030BF696", "FEDORA:8DA6C30BF568", "FEDORA:8DB0E30BC732", "FEDORA:8E19630214B7", "FEDORA:8E35E30BF574", "FEDORA:8E83D304C819", "FEDORA:8FB28306777D", "FEDORA:8FF5A30BF544", "FEDORA:902EF30691CA", "FEDORA:90D27304C819", "FEDORA:911A4304C3D1", "FEDORA:912DF30BF695", "FEDORA:9160330BF574", "FEDORA:918EF30683FA", "FEDORA:91A3E307251B", "FEDORA:91B9C304C819", "FEDORA:92D4A30BF8D2", "FEDORA:938EF3047E25", "FEDORA:94160304C819", "FEDORA:94A7930BF557", "FEDORA:94B1D30BF57F", "FEDORA:94DB030B0318", "FEDORA:95DA930680F6", "FEDORA:963C6304C5FE", "FEDORA:964B530BF568", "FEDORA:9681430683FA", "FEDORA:9693D304C5FE", "FEDORA:9704E30680FF", "FEDORA:970F230BF699", "FEDORA:9716E304C5FE", "FEDORA:972773072537", "FEDORA:973BF30BF68E", "FEDORA:98438304938D", "FEDORA:9986830BF568", "FEDORA:99B2F30683FA", "FEDORA:9A6B63047E25", "FEDORA:9ABCB30ACC3C", "FEDORA:9AC55304C3D1", "FEDORA:9B1CD30BF8DC", "FEDORA:9B455301E446", "FEDORA:9B65E30BF681", "FEDORA:9B928304C3D1", "FEDORA:9BB57304938D", "FEDORA:9C2C230BF557", "FEDORA:9CEC9304938D", "FEDORA:9D14330BF68E", "FEDORA:9D6483106630", "FEDORA:9DD42304C3D1", "FEDORA:9DD5330BF6AE", "FEDORA:9E70A30BF694", "FEDORA:9EB31304C819", "FEDORA:9EC21304C819", "FEDORA:9EC5B3104B07", "FEDORA:9F6A9304C819", "FEDORA:9FB3730B00AD", "FEDORA:9FE0F304938D", "FEDORA:A02E030A5965", "FEDORA:A0B9A3065945", "FEDORA:A13B7304C5FE", "FEDORA:A14AF30680FF", "FEDORA:A17AE3056A55", "FEDORA:A196F30BF54A", "FEDORA:A23B830BF566", "FEDORA:A2594307250A", "FEDORA:A286D30BF54A", "FEDORA:A2CEE30687AB", "FEDORA:A2E8E30A5965", "FEDORA:A2ED530BF571", "FEDORA:A406530BF557", "FEDORA:A44963072537", "FEDORA:A4AE130683FA", "FEDORA:A4B9330BF556", "FEDORA:A4FC7304938D", "FEDORA:A52B830BF689", "FEDORA:A61AB30A5965", "FEDORA:A7241304C5FE", "FEDORA:A74CB30A5965", "FEDORA:A762130BEEE0", "FEDORA:A823B30BF566", "FEDORA:A890B30832D3", "FEDORA:A8932307252D", "FEDORA:A8ACC30BAD11", "FEDORA:A8CD930BF57F", "FEDORA:A8D4830BF681", "FEDORA:A9839304C3D1", "FEDORA:A99A630680FF", "FEDORA:A9B2430BF689", "FEDORA:A9B95304C5FE", "FEDORA:AA08030BF689", "FEDORA:ABB16306B9A0", "FEDORA:ABE7D304C819", "FEDORA:ABEEB304938D", "FEDORA:AC225304C819", "FEDORA:AC2D130BF54A", "FEDORA:ACD1F30B099D", "FEDORA:ACD9B30BF8C5", "FEDORA:ACF6830BF68E", "FEDORA:AD61A3058385", "FEDORA:ADDD53072512", "FEDORA:AE4BB30BF571", "FEDORA:AE4E730680FF", "FEDORA:AE52530680EF", "FEDORA:AE6C030BF566", "FEDORA:AEA0D30A5965", "FEDORA:AEBB7304C3D1", "FEDORA:AEC2F30BF8C2", "FEDORA:AEDE330683FA", "FEDORA:AF0B830687AB", "FEDORA:AF30B304938D", "FEDORA:AF53C30BF6AE", "FEDORA:B0A1730680FF", "FEDORA:B1F6E30687AB", "FEDORA:B233730BF6BC", "FEDORA:B2C0930683FA", "FEDORA:B2D8630BF685", "FEDORA:B320F3106632", "FEDORA:B36B530BF8CD", "FEDORA:B387A3046B35", "FEDORA:B3D1B304C6BF", "FEDORA:B3EB5302A921", "FEDORA:B4158304938D", "FEDORA:B417B304C819", "FEDORA:B44343072512", "FEDORA:B50B530C835E", "FEDORA:B53FA30BF54A", "FEDORA:B651E304C3D1", "FEDORA:B661A30687AB", "FEDORA:B69A5304C5FE", "FEDORA:B6B1430683FA", "FEDORA:B6BC83104B2B", "FEDORA:B6F7430BF6B3", "FEDORA:B806630A1040", "FEDORA:B821830683FA", "FEDORA:B83DD304C6C7", "FEDORA:B87DE304C3D1", "FEDORA:B8ABA30D4C0F", "FEDORA:B8B4730BF568", "FEDORA:B8C453072512", "FEDORA:B9157304C819", "FEDORA:B930130B00AD", "FEDORA:B9478304C819", "FEDORA:B95C930AE7D2", "FEDORA:BA88B30609BB", "FEDORA:BAB3F304938D", "FEDORA:BACD4304C5FE", "FEDORA:BBCC730AE7CB", "FEDORA:BBFE9307253C", "FEDORA:BCA0E304C251", "FEDORA:BCE71304C5FE", "FEDORA:BD14D30BF544", "FEDORA:BD23C30BF556", "FEDORA:BD40B30BF8E1", "FEDORA:BD84630BF8C5", "FEDORA:BE15830BF557", "FEDORA:BE46E3044796", "FEDORA:BE6BD304C819", "FEDORA:BE89730BF574", "FEDORA:BF522304CB81", "FEDORA:BF819304C3D1", "FEDORA:C0FF7307250A", "FEDORA:C1EC2304C3D1", "FEDORA:C1FC9304C5FE", "FEDORA:C21C1304C819", "FEDORA:C303E30843CD", "FEDORA:C414B304C5FE", "FEDORA:C462F30BF685", "FEDORA:C4B4D304C5FE", "FEDORA:C53B230BF544", "FEDORA:C548030BF696", "FEDORA:C5B1D3072536", "FEDORA:C6795304C5FE", "FEDORA:C6B60306596E", "FEDORA:C6B72304C5FE", "FEDORA:C6F3E30BF69D", "FEDORA:C6F78304C3D1", "FEDORA:C714830BF694", "FEDORA:C717B3068B50", "FEDORA:C7E5D30680FF", "FEDORA:C7F8B30BF681", "FEDORA:C81FE30BF54A", "FEDORA:C87A530BF681", "FEDORA:C8C4A30BF696", "FEDORA:C8D4630BF681", "FEDORA:C935C30A5965", "FEDORA:C93673104B2B", "FEDORA:C96C3309906C", "FEDORA:C9B8F30BF694", "FEDORA:CA1D3304C5FE", "FEDORA:CA2C730BF557", "FEDORA:CA4AF30680FF", "FEDORA:CAED4307251B", "FEDORA:CB8BA30B00AD", "FEDORA:CBFF8304C5FE", "FEDORA:CC46D30680FF", "FEDORA:CC4CA30BF557", "FEDORA:CC5703067757", "FEDORA:CC65A30687AB", "FEDORA:CC6A730BF544", "FEDORA:CC80A30BF689", "FEDORA:CC80D30BF696", "FEDORA:CC84130BF688", "FEDORA:CD22030680FF", "FEDORA:CD2C830BF696", "FEDORA:CD90E30BF557", "FEDORA:CE4AA304C819", "FEDORA:CE73730683FA", "FEDORA:CEA00304C819", "FEDORA:CEB833106618", "FEDORA:CEEF730680FF", "FEDORA:CEF0A307252D", "FEDORA:CF25A304C3D1", "FEDORA:CFBB930B00AD", "FEDORA:D00BF30BF689", "FEDORA:D051B30680FF", "FEDORA:D0EFE30BF566", "FEDORA:D103A304C5FE", "FEDORA:D1141304938D", "FEDORA:D1595304938D", "FEDORA:D225B30A279F", "FEDORA:D28ED305E2C3", "FEDORA:D29D2304C6B0", "FEDORA:D2E7C304C3D1", "FEDORA:D3BA5304C3D1", "FEDORA:D4424307252D", "FEDORA:D453230BF8C0", "FEDORA:D49A730BF6A0", "FEDORA:D5B6730A5965", "FEDORA:D705C30BF544", "FEDORA:D74713072512", "FEDORA:D74D9304C5FE", "FEDORA:D755730ACC3C", "FEDORA:D7570304938D", "FEDORA:D7AEA30BF694", "FEDORA:D7B7B30BF54A", "FEDORA:D802030583BF", "FEDORA:D8AA93067EC5", "FEDORA:D8AAA30BF6AE", "FEDORA:D8E1830BF557", "FEDORA:D922F30BF566", "FEDORA:D962A30BF8D0", "FEDORA:D997430BF696", "FEDORA:D9C5F3056A54", "FEDORA:DA43030BF689", "FEDORA:DA58E30BF8CB", "FEDORA:DA5CB30BD1F6", "FEDORA:DB61F304E78E", "FEDORA:DB825304938D", "FEDORA:DBE88304C819", "FEDORA:DC5B0307253A", "FEDORA:DC5D330BF689", "FEDORA:DCEFD30BF566", "FEDORA:DD98530680FF", "FEDORA:DDD5530BF557", "FEDORA:DDFED30D4C0F", "FEDORA:DE7E8304C3D1", "FEDORA:DEC25301DFE7", "FEDORA:DEE4E304C819", "FEDORA:DEF0E304C3D1", "FEDORA:DF18830683FA", "FEDORA:DF60E30530BE", "FEDORA:E007B3072E34", "FEDORA:E020E304C5FE", "FEDORA:E051F30B682E", "FEDORA:E0C7D305D40F", "FEDORA:E0DFE30BF557", "FEDORA:E10F730A5965", "FEDORA:E1537304938D", "FEDORA:E15BC30BF8C1", "FEDORA:E191C3072534", "FEDORA:E200630687AB", "FEDORA:E26F6304C3D1", "FEDORA:E2C27309907D", "FEDORA:E2F063057960", "FEDORA:E35FE30BF685", "FEDORA:E39F630BF6AE", "FEDORA:E438C304938D", "FEDORA:E4C1E306AB41", "FEDORA:E4FB0304C5FE", "FEDORA:E511730BF556", "FEDORA:E52273104B07", "FEDORA:E5B33307250A", "FEDORA:E5B6430B00AD", "FEDORA:E6212304C819", "FEDORA:E64C230687AB", "FEDORA:E691030B00AD", "FEDORA:E6B6B30BF566", "FEDORA:E6BE2304938D", "FEDORA:E739330A5965", "FEDORA:E79DE30BF54A", "FEDORA:E807830680FF", "FEDORA:E89C2304938D", "FEDORA:E8CD2304C5FE", "FEDORA:E952630A5965", "FEDORA:E984030A30C7", "FEDORA:E99CA30BF689", "FEDORA:EA40A30680FF", "FEDORA:EA47830BF681", "FEDORA:EA61C3047E25", "FEDORA:EA77D30BF544", "FEDORA:EB1313072536", "FEDORA:EB5A5304938D", "FEDORA:EB85E30BF8D1", "FEDORA:EBE043099501", "FEDORA:EC02530BF557", "FEDORA:EC08630680FF", "FEDORA:EC23D30683FA", "FEDORA:EC82130BF696", "FEDORA:ECA3130BF688", "FEDORA:ECFDF30BF696", "FEDORA:ED65F30BF685", "FEDORA:EDBDF307251B", "FEDORA:EE41630BF683", "FEDORA:EEB3B30B00AD", "FEDORA:EEC2C304C5FE", "FEDORA:EF6BD3067761", "FEDORA:EF83E304E306", "FEDORA:EFF6B304C819", "FEDORA:F0023304C3D1", "FEDORA:F06503048A39", "FEDORA:F0C8A30BF685", "FEDORA:F0D1D30BF68E", "FEDORA:F157031950DA", "FEDORA:F371730BF54A"]}, {"type": "freebsd", "idList": ["094E4A5B-6511-11ED-8C5E-206A8A720317", "096AB080-907C-11EC-BB14-002324B2FBA8", "0A0670A1-3E1A-11ED-B48B-E0D55E2A8BF9", "15888C7E-E659-11EC-B7FE-10C37B4AC2EA", "1CD0C17A-17C0-11ED-91A5-080027F5FEC9", "3F321A5A-B33B-11EC-80C2-1BB2C6A00592", "4B9C1C17-587C-11ED-856E-D4C9EF517024", "4EEB93BF-F204-11EC-8FBD-D4C9EF517024", "720505FE-593F-11EC-9BA8-002324B2FBA8", "8E150606-08C9-11ED-856E-D4C9EF517024", "A1323A76-28F1-11ED-A72A-002590C1F29C", "A1360138-D446-11EC-8EA1-10C37B4AC2EA", "A28E8B7E-FC70-11EC-856E-D4C9EF517024", "A4F2416C-02A0-11ED-B817-10C37B4AC2EA", "A58F3FDE-E4E0-11EC-8340-2D623369B8B5", "AE5722A6-F5F0-11EC-856E-D4C9EF517024", "B9210706-FEB0-11EC-81FA-1C697A616631", "BC43A578-14EC-11ED-856E-D4C9EF517024", "FCEB2B08-CB76-11EC-A06F-D4C9EF517024"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-22:13.ZLIB", "FREEBSD_ADVISORY:FREEBSD-SA-22:14.HEIMDAL"]}, {"type": "gentoo", "idList": ["GLSA-202105-03", "GLSA-202208-02", "GLSA-202208-32", "GLSA-202208-39", "GLSA-202209-24", "GLSA-202210-02", "GLSA-202210-23", "GLSA-202210-42", "GLSA-202211-06", "GLSA-202212-01", "GLSA-202212-02", "GLSA-202212-07"]}, {"type": "github", "idList": ["GHSA-3WX7-46CH-7RQ2", "GHSA-CVX8-PPMC-78HM", "GHSA-JJ47-X69X-MXRM", "GHSA-M7VP-HQWV-7M5X", "GHSA-PPP9-7JFF-5VJ2"]}, {"type": "githubexploit", "idList": ["2EF519E9-1FB0-5978-80E6-42B558A3B3B0", "33186A5F-0C7E-5542-AEC3-BEC940C50B5C", "3ED56337-803D-5E98-8BA0-AC8CDCDCC96D", "4012995B-2E6C-5B0B-A5D0-B0B4278FDFF8", "404D6E8E-0255-5C32-ABE3-7BD16A827348", "480511F0-20B1-50CD-88F2-41A9E04C69A0", "63864FA7-D343-5F8E-8418-001077DB5B78", "8E0D4DF9-029A-59C5-B3A1-50166EA449CB", "90D0B73F-6288-58DF-893E-AE5DD3207FA3", "9BA7DD91-CA4C-5195-B7A3-C78E108A7B74", "BF956BA1-FA82-5E2E-A749-70C645360A84", "D60A198B-340E-5D0B-9E86-7F13DFC56CC5"]}, {"type": "gitlab", "idList": ["GITLAB-0045A5C220FCABCB0092C0244EEE4EE4", "GITLAB-18885FD7264070E9FB3552914A25428D", "GITLAB-77FEE7DFD4AE46E8FF8BE2E31EA3706D", "GITLAB-C331C1592C4E2626026D81F7ABAB2442", "GITLAB-D3A502BF795582B7DA47DAFC7E0DFF69", "GITLAB-DF5BB7F4E5A53473B793933B32E5695B"]}, {"type": "hackerone", "idList": ["H1:1570651", "H1:1590071", "H1:1614330", "H1:1614332"]}, {"type": "huntr", "idList": ["82C12151-C283-40CF-AA05-2E39EFA89118", "8C969CBA-EEF2-4943-B44A-4E3089599109", "945107EF-0B27-41C7-A03C-DB99DEF0E777"]}, {"type": "ibm", "idList": ["00E427FDE1ED2FCC942B37A9297706D3A726FAC519A340420CCF652F75075CF5", "00F0E0ECEBB952AB826F31E7D79A02F5B4C267A158C9FDB4C4A1786D88E1D770", "02EB92A12F0B0155D656559CBE26AD048CDDF7777A2839CE237B90934EBBE0DA", "0380D36EAE3DFC60FC3B2FED6F0A9B8C068412877A63D4F06C96DB5A5920A468", "04D02600D89439205D8D1AA77AE251D9A49746793CFD31C0A5022E484F75D475", "0505D8C5E11C0E99E93BD29F133B6B0ACD7C7D98BE2E3E46B53047D320E6B780", "07B0248B3BD4D9C211F92809800D29F6323D74D4D24B0AD7DE45454B76DA398F", "0C73E239B7507EA87A84E5699D3481C10F71C405C6E86EB8A6F80FC3DC73AA13", "0D2F7CD4D9A316DB689FA453EC85BBAB531979CD406B17565EC53349CB4A044A", "0D85E5287523B83245752DC2E09287130E098DCDD6446DA2E1DF6BC26D74E767", "0E2C223C20001586A9B0EAD6AE502C814B8C7EEF7C9260D3FC6076CE4A3DAF57", "0E77C24838CDAB1277AB5CA33352CE6CCB83D6358DF909330CAE2536E8A99DED", "0E8825C75106C98D58313648BABDA1E9294C717826116FC4003C15968CD34C0D", "102B9B7DB920309348807B9EDBB8011D39F944480E9B123DF1061A6D4163603A", "1235191EB33863C1E482EB2FBE8EE07837715EFC366FA3ACAF8DD7BA16B54E47", "128F7619270E45426908D3A0D5CF9235240E41834C49B599A1930D3142C84EED", "1481DAF4C699DC048E77546A032C22E8B4F22C9CD2DD05E5F3423E026EF90E95", "1BC083EA4858E87682C2DCC388853D4448B262347029C3CAC17ED3DD53B87E2B", "1D122E5717E6BDDA2976836FBA5EB572CDBD9A9C5B48AF895D30982993B5723D", "1D375703477B8434B33880D4C2BC54C4F52207A530C550AD113F53DC33F805E9", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "21D5AB5811791AE936F5276CB52FCEF1380B8F8020AE9F44B3DEB09BB9F0EEEC", "247055CEA32DD63B9BC1A48F0D571452229342C8FBBA53F42CFE09CE0B99F6C7", "254982B133AF87964C8EDFD23D188B5AC76FD0D3823194E367660BA1FDE55EFC", "282DD93A6E3023292EEECC5D5C71E8CA4F4BFF5C0BD568E1D9B9FF7EF5FE7E01", "28AF07FA415EFB4C0600E47198E77EFE267BF4907EB58703528CAAFC4FB07FDE", "2A7A7E36601C6E4D31E8BA0D7AAC60D5687103E89CE9D3C6A19F73E786347129", "2ACAF7EF965645E3B6441E6A8A68E6FE8B309E3EF7A1558180C489C22189FA2F", "2BD451F728498A459873394799F530D4D51F43311EBB3F67033751E1E24230B4", "2C465CF3D13231C0CFE4FE3E34896137F5B9828E739A00307956E9E91B5D9293", "2CEF62C50CDD94A991768F05F02F6E909CA28C3D65E1DDC9FE44EB80961223F7", "2D5FDDD148F36D97070816CD237A638AF0243482770A52C05EA1858E7071EDA1", "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "31461F7C4B45D225CFE7E9B7248DBEA2EB7047FCA3D7C5FC53A6D37D20A6FA1F", "315B599BAD4F5791931A11CFCD6DB5DF8F628F9EED8F69A67AF98E8B3CA6C1BC", "32A60A9C1BA6A62100EB71CDFA36BDD4A97E492CAF4EC2F477EF0C0B4B0BBA9B", "34554239639E7BE30D7E2FF3E60FCF35C97429B34CA07D7E3B7EDA735A843CF5", "35CAC5896337E626E05E1CD02F2076F56C9DB49D964D1F9CBB92AD13760F199B", "38115C81B948EF7038850D8C2DF7DE81E71B1B9605134C599AE1B89311A74D46", "390ADE3893D47B00F5FE2567013BE4A37123E2B659BE5E1598AD7EA5696741E2", "3C1A78B2884463FDD0373C1C8B938DC6B62E78494896694E30B6E9004C4B927F", "3D9460762BEB782D6B5E477D8ECA6BEEF59220ECB17AE91199910655895BA3EC", "401FA1E96064CFBC19434D7F7032BC4432F48EDCF088C08E803109D2EEC9C2FC", "4443FADC35F66CB2BCB006621C9AB426E9DE09C7297783AC62E37E88CB616611", "4755FB3CE3C36A79DA9DEF921D1C61A8971606D4BA507E8F90C7BCDDF87DEFCF", "4B76EF94924F14F37191F4A96DDFF74EE350A233A3D59B766AA90C193FE97447", "4D02085D2FC3BBBFFB937600F3D20F307F3BD5CB2B73614927F979C8B91D5559", "4FC3368A64F6E8C70D4C14086B7FCF5DFAF518BA3BF4DCA41C1144E20332FFDE", "50AE699C07E5F70B1AE3CA20358AC40C0A249282AA93BC9AF6AEF12C0640B515", "511CA1E500DC586414BB6B9BB4B63C20269EBEAA9179BDB82DDF8DD35087FBA8", "51CE44C1C7A51E763D9A0FB6E6C7DB8CC2B8221BC5B619DC1E6EA5956B868D7E", "53D83422E4E04BC239B54A0A2F0376ECC7C7DE773CBBCA8BB25B13FC0FAB9C08", "53F32964A2275244A5F7A1D6BE61A50BA12236B3F5CF9F259D3080CEA722858F", "57CECDA05238C7F1C9A666664B13B4805E8DF9A857BEB515F6BD4FD0EB113FE6", "57F5D196D0ED96B7C130C6725991161D567B035CCEBFDA3BA7666320B13BE3DB", "5847C6A43B9374608436806349F8DF60D26A6BD6AA1E53665DE28690D684C5FF", "58942187750FE51475FC153C3365F0A232A58011A0B3369E6D2C7B24AEC2CB46", "58DF40BB3617B9F8FF7EDF5B4EACC6E58BCFD7A11318427D83C078A7705F4CBD", "5B94B82BCC3B58026270D02D14DED2CA94DC002273698034F1BF4731A17FCD56", "5BE52962678849208DBB78075A36D8D5B485DEC707628BB3A9D37D4AA01BC678", "5CF5E501F33F27E00550D56AF2E8B4DD49ABBF9F37122E58BF4BBEBB4CE88ECC", "5CFEB53CCF9B2DBB0C3EDFEC78B2EC1A09942B6E59FF485336E1578CE071254C", "5DF0B742C25C2F487EB32BBCACF13C352E6081CEA3FAA0BB1F7FFB5B9270663C", "5F4A0C2884928132058FB1F6A2A491E93E6AD59F7652C09398215C3B1702DA1D", "60686B0289DCD14F2853EA0A4DD161ED83964A96330DAD3A2EBFC7C1DD968347", "616B9D338FE05387920626E6D84C2A0408648EB65F12DE09DFF54DA7C324206C", "6220CD7BD2B23845C5AFCB2371146CD267828A053B383FBEEF5D46FD47EDF1FA", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "658244F401DC89C434581EA981F2B764CE3CCD8561DE2C90348889D367179DDA", "6949963E8F8CDBBF076CCA42C1B972D8C4F8D8949B9544DFC6B3726DC3985FF2", "6994DB9FF8EDDCBEB06E15718DA8FA8CDAE33F0D45671CA89D2EEFBFC761C838", "6B09B5D2D23FA627EE10A721BA4E08F3540501D0CBF559BC1085DF2C422D4ED1", "6C6D4AD9677EC57657183241839761F8B14EA276C6AC7C4C5FC714F1E68FE7D1", "6F16F136BCBC8DF0C1DBC581FA13A1E792D2E9E47A077464DED21E407E2254EA", "6F9C6903CD7D8203D4E82C06723CA4FB1AB9B0D048230D4EE8B7B6CCAE5D8671", "70C52835D439D05D295FB163B1E67786F3104DC1F4B9CD79AC81516B21B46D46", "71D0066AB30B4D7CDBC8617E06029534108D1E91FB970B489F24F94CE6A185D1", "72323A87B15F078C393C08C2C6CBC69CF69DA2EEF2BE247F76E5827524377951", "73CCC72B9947E013F4772BEFCFDE5819CCA7971C691FF4D3E69400404D464E2F", "75703D9F7F021B9FC210A750348B0073BDB1B7B9CA15D0380DE9DEF8A0AFF072", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "7823701436D3C805F1BC4A90974E18B7F8837573081BA01C4A1AE1FABCFE9888", "7A89BB55E5B049E80A4EDE8650050366D20EC49B897A44F7858ECD4C51F1A2F8", "7C5451969551322B10C02D39A8205047791F77289C2CE11B04A515BC58230E66", "7D3C63B22205AC5B9D5BB56B7AC216EFF1A8B7D4259EA95A9A54A02642A96043", "7F469CFC041F0A861570BFF0B2EAA8E27C8745F53E8D1D2E37E215EB01C5CB2D", "80724C5663E867568B5857C3F5E5AC0B2204F9AE997ABBE49DD250AAD33127E3", "80E527495DB4E208CB1D10F4F80A8C90E9AA9D332FD8D3465D8013D5CD895A38", "8179A3903584C27193924DDC106FB30D81DA90EC7483D34D417B2A8E24E5A851", "81C6A358F17E973E45D7EB18F13FD90C43F11DE4197BCA2FAD44339C44E0E4D6", "8262711545CDD113DD750D542E78815E312F49AD36DDD465FAB22D327CCB611E", "846482DEB927A7614576318454D0B7C7ED2CCC26E90AD752D7A2A82CD944F725", "85815DDF3FA335D34C78FFDC9F78B8A523BA1A5831E31B17BE474151000B2907", "8584E6ABE00771A5603E6B6B425C41D5DE5CAF4155D156ED23DC657B08487AD9", "87E61A2695C07C58B95C707F4E1127449790BBD300DA4889C724B5BA2CFAE805", "888AC6CE99B291DF2AE2CA6EF15D575728F4461472C45FFCEB2B5E8A78735820", "88A298B9C75284BF1881AC46978D9170727684435E469182C7715D9CBE02126B", "89511E569BF29BF797EA6EC67510C77A11A66D9311BD722C3856265463CF3DE7", "8C5165B09D9CDB3A848FA470C726F161A1DABD1B796163F97D01066C1D35B5A0", "8CEFDEF4B4C0388189027A8FB575EC1F5C16BE39686B9B792A50797930492FB1", "8D3DC4C0F4B602401A017F1C43683FCAA488ACB5436C20C977220D96118FA802", "8F5E37B1492215750DE26664A7C69EEF4EF0583C2F012D3F658AE9A44437DA40", "8FE6A7F075F86C24AA6EB4751889925EF3E6DEAF59DA441D1C361342182F6645", "90AC6404BEC26EE04C5116EFE61EADA448F6BE4B15643F95B0E2C306615BA410", "93877A562B975C91505EC2DDCF1E0F2F75707DBF947F3BE156AF14689DE23283", "9427176C6C0CAE7645573C8BAA18FCDB4A13E52B255F72962EF5A623904F85E5", "9571CC4C328FC49BDE460E3DDB8089A16540E8193A13ACAE69B87BCD550C3EF1", "96D4152DE1D591E0C07748B17639CA32E83418ACCDE15888065A9CB41E619103", "97769C49B35E25C6B8FA85B9C97DAEDD858E7FBBFD2A1F42B1908E247FD64213", "992D472A3766649B3AF435532AD5F4E49BABFB85B74B8C7C5D555A679DA52E94", "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "9B5E5BC13D4397737B050BD8441A6D224B8904878CC85547639E0E0B26AE58F4", "9BAEEBDEE0152EA56DBFA33D387D2BBD1EA32B298DDDAD12585FCBCEA556DC03", "9F1CABD3527BC3FA5C4B8E3834920B11E7FB3196D76ECD7B9C586F89850BCFCF", "9FD583B4EB98DE738D4995A7051ACB001233C81BBDFA0CEB3450CE85EA2D30A9", "A672FAD4D4008E416F01CAC297F94C9CEA100F89F258F6FF67665C7FF6EC35DF", "A9E95ACFA12F14901F06AEB72CE135C981AC1F52E5EEB65793FACC0F0CBD2136", "AC8A176111C5D0EEF4CBEEF646DE5672F13451B994F8BB844C6C076689090D26", "AD6CCE2A1D5A9869BD583668A696E96D5711DC6790008CC35A1991D46E49ABE2", "B14711FCCE28FBD42E1415D4FA69A18716B176D49881F931260BA9778C11599E", "B19B1E8E69CC7FFA12D3B75E392AC68890C697474DCE361FD570BECEB5BFA16A", "B2E84ED495D2BAF78EDDC226E0997571F1E0725DE0BB3E158D2DC6563F0C0FF3", "B39CDF48277B5A1E5E74388C6E0EA6AFB8F6FEA1ED51299E44E0AEE4AC404FF6", "B492F0296BDA567C4F98187476A828370D969E5E55C2ADEF50B3218415B91F81", "B830CCF31E1D88229EC24AF173721EB21408C7EA200317E4C1BFEF78EA3DEA90", "BB835784EC2D9827E0C713B8CEBB22D4D036E9F7C61CB083D60E4560EC27B247", "BEE2F0B9EB777EFAB0969E75C6AA811239753CA8FC3BFB3483BC57555F17DA20", "BF731935565FBC428BDCBFC95D3071B4992F5744B65B8A63A71BAE92354C086B", "BFF9E7158120F8B43A89CEF476D8622AA1DB0E88B693EA0C9A09920DE0FF7A06", "C00CA1FBAB9202E64462B2BF77F0ED60BC785060E001593CB61BA37AB170F2A4", "C2EF8EB22B3C017B39A26592E5134F9BD761C5B28DEA228D3E1849975E78F65D", "C71235B9EB6EDAE21C87F038209FAA80F05E9B26A6336CECB453B01119F347D8", "C78ADDC242FF231DC015D95FD5CD4F0B13044D3779FED615D8FEF3677D378A3D", "C815D5BA0527F8CF454767B7D16A6B819AF9B998FAC3AFC2A63E79F6A57AD83A", "CACE742F60CCFFDDEBAD27526A0EF5C039135740AD552F5DBCA391CEB33BC04D", "CCB0F372D73F6B8C4897B814AAF72881967F090D7CA1B94EE8F05E6BA571E693", "D118C80EE81130A144A4ADBF349FE7A9C007EF290E463AAED03D130C39ECF9B4", "D59742329AD39D4371AE700C91B22C0E2C04250CABE9EC610C5208050B1A1EDE", "D642B106AEF6A0331D5279B5D198C003A15DD599D9D5027FB7E0DDEE76D361BD", "D786761B0B2DB5C7370185F18DFD1990C653F5CA978F07DC85476F6C4C32F95A", "DE3422F091BEAF937A6AAF2F474509A669B7CE95027496E1A397C52DB56CA841", "DE4F110A7CB26F3EA8F2ACCB627C82FCB649AEF4CEEF6D8EEC438EFE0B327978", "DEB42D37472DABA41D449842B1B5C261C9033E9118FC181AE309B0216062035B", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "E021B3BC3EDC4F842310654287B2EF8BF1F6BDEA3BCA58F2F657EC4011C0E931", "E43687480718D62403FAE624926EF4DCB0A894AFF26C5E9C5F75A8D56B17B6E6", "E487FF91BBF956150824060BD6886B29AABF641CB1F5C839DA758246BAFF4281", "E834F28B243C93C15E2DFF779C171D0CF13696EDBE40F1E49F8B0FBC37C291CE", "E8EFCA8810003524E6931CD5AFDC084870201D5052BAC467C09EBF324F61A84B", "EA14EC6134110E482A82A70BFDEAD48335455A70FA71C151C62860AACE47AA41", "EC0930BAE0180DB31267A85F97C8E516A36E1C44D0E00AC61FD404A4A9D80C98", "ECE800B94D9FF0A69B0B09AF151DC923542D6BF91DB203FF288F37FA45849631", "ED2D628E2B845D710C7283E74DEB57A6ACCF26A841A9E4CC3B811EEE14A28F24", "ED5CC772C4879175949A026879AB98730A2CB44FA2A70F04E865D49394F0358A", "EDD95C505C7068D860A427BB534311963EDC610F239DACB804FA4E75AF87419D", "F093A08993AEB53C8D5F6F2FE220825F9FC675CC904F54B3FE037444F61A7876", "F0BEE71D1E1E1F410EAE7CBBF899A463124708682905DE5AB537B39047C97A14", "F388E7A0704FC5BFFEDE2E6274B32214289732FAE5D48B13E5D71E96A238204A", "F63CE2E2A489986C54BF2E2181836D53D82D6ECFE643D40B12C1C3E942F8B4CC", "F7A6477C1B14AA0D43117B4EC882157DA5211AA8E68BDE96AFDE742CE85551BD", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A", "F96C14C4670BF2970578877304F86FD985860F96EB5A331A5EE62FAA61BA548D", "F989AFBD24F5A4F611C18B563384AB9BC2165C91017233F5DB34EA0CEFA49C16", "FA7577337B12FD59AF7D455741A74001A4AC5E50BAAB46EE5032B560FE6FFA9F", "FB6E2A46FE013C1E8D277E9650AA1AD4C556240417772ACF324BD3E255ED3B0F", "FD0169F3AFC31A4C1DB0963A8A7D69906A9B7AFA2CD77DB9B90B743256EB9F44", "FFDE8D079419291E03B99CD03062031F32C44C801D2257697E407E3C3A6DB60E"]}, {"type": "ics", "idList": ["ICSA-22-221-01"]}, {"type": "mageia", "idList": ["MGASA-2021-0073", "MGASA-2021-0587", "MGASA-2022-0091", "MGASA-2022-0136", "MGASA-2022-0139", "MGASA-2022-0173", "MGASA-2022-0184", "MGASA-2022-0210", "MGASA-2022-0223", "MGASA-2022-0231", "MGASA-2022-0233", "MGASA-2022-0246", "MGASA-2022-0250", "MGASA-2022-0254", "MGASA-2022-0255", "MGASA-2022-0259", "MGASA-2022-0262", "MGASA-2022-0290", "MGASA-2022-0301", "MGASA-2022-0303", "MGASA-2022-0328", "MGASA-2022-0352", "MGASA-2022-0359", "MGASA-2022-0367", "MGASA-2022-0384", "MGASA-2022-0397", "MGASA-2022-0399", "MGASA-2022-0404", "MGASA-2022-0417", "MGASA-2022-0467", "MGASA-2022-0468", "MGASA-2023-0010"]}, {"type": "mozilla", "idList": ["MFSA2022-47"]}, {"type": "nessus", "idList": ["701407.PASL", "AL2022_ALAS2022-2022-071.NASL", "AL2022_ALAS2022-2022-091.NASL", "AL2022_ALAS2022-2022-104.NASL", "AL2022_ALAS2022-2022-105.NASL", "AL2022_ALAS2022-2022-116.NASL", "AL2022_ALAS2022-2022-123.NASL", "AL2022_ALAS2022-2022-126.NASL", "AL2022_ALAS2022-2022-145.NASL", "AL2022_ALAS2022-2022-147.NASL", "AL2022_ALAS2022-2022-148.NASL", "AL2022_ALAS2022-2022-154.NASL", "AL2022_ALAS2022-2022-155.NASL", "AL2022_ALAS2022-2022-158.NASL", "AL2022_ALAS2022-2022-191.NASL", "AL2022_ALAS2022-2022-192.NASL", "AL2022_ALAS2022-2022-193.NASL", "AL2022_ALAS2022-2022-195.NASL", "AL2022_ALAS2022-2022-200.NASL", "AL2022_ALAS2022-2022-206.NASL", "AL2022_ALAS2022-2022-207.NASL", "AL2022_ALAS2022-2022-227.NASL", "AL2022_ALAS2022-2022-228.NASL", "AL2022_ALAS2022-2022-238.NASL", "AL2022_ALAS2022-2022-249.NASL", "AL2022_ALAS2022-2022-252.NASL", "AL2022_ALAS2022-2022-259.NASL", "AL2_ALAS-2022-1776.NASL", "AL2_ALAS-2022-1801.NASL", "AL2_ALAS-2022-1802.NASL", "AL2_ALAS-2022-1811.NASL", "AL2_ALAS-2022-1815.NASL", "AL2_ALAS-2022-1829.NASL", "AL2_ALAS-2022-1830.NASL", "AL2_ALAS-2022-1831.NASL", "AL2_ALAS-2022-1832.NASL", "AL2_ALAS-2022-1834.NASL", "AL2_ALAS-2022-1846.NASL", "AL2_ALAS-2022-1847.NASL", "AL2_ALAS-2022-1849.NASL", "AL2_ALAS-2022-1858.NASL", "AL2_ALAS-2022-1859.NASL", "AL2_ALAS-2022-1860.NASL", "AL2_ALAS-2022-1861.NASL", "AL2_ALAS-2022-1862.NASL", "AL2_ALAS-2022-1863.NASL", "AL2_ALAS-2022-1864.NASL", "AL2_ALAS-2022-1865.NASL", "AL2_ALAS-2022-1871.NASL", "AL2_ALAS-2022-1875.NASL", "AL2_ALAS-2022-1877.NASL", "AL2_ALAS-2022-1884.NASL", "AL2_ALAS-2022-1890.NASL", "AL2_ALAS-2022-1900.NASL", "AL2_ALAS-2023-1909.NASL", "AL2_ALAS-2023-1915.NASL", "AL2_ALASDOCKER-2022-020.NASL", "ALA_ALAS-2022-1583.NASL", "ALA_ALAS-2022-1593.NASL", "ALA_ALAS-2022-1605.NASL", "ALA_ALAS-2022-1626.NASL", "ALA_ALAS-2022-1628.NASL", "ALA_ALAS-2022-1630.NASL", "ALA_ALAS-2022-1635.NASL", "ALA_ALAS-2022-1646.NASL", "ALA_ALAS-2022-1649.NASL", "ALA_ALAS-2022-1650.NASL", "ALA_ALAS-2022-1654.NASL", "ALMA_LINUX_ALSA-2021-5160.NASL", "ALMA_LINUX_ALSA-2022-0001.NASL", "ALMA_LINUX_ALSA-2022-1764.NASL", "ALMA_LINUX_ALSA-2022-1819.NASL", "ALMA_LINUX_ALSA-2022-1821.NASL", "ALMA_LINUX_ALSA-2022-5251.NASL", "ALMA_LINUX_ALSA-2022-5775.NASL", "ALMA_LINUX_ALSA-2022-5799.NASL", "ALMA_LINUX_ALSA-2022-5809.NASL", "ALMA_LINUX_ALSA-2022-5813.NASL", "ALMA_LINUX_ALSA-2022-5818.NASL", "ALMA_LINUX_ALSA-2022-5942.NASL", "ALMA_LINUX_ALSA-2022-6157.NASL", "ALMA_LINUX_ALSA-2022-6159.NASL", "ALMA_LINUX_ALSA-2022-6224.NASL", "ALMA_LINUX_ALSA-2022-6457.NASL", "ALMA_LINUX_ALSA-2022-6463.NASL", "ALMA_LINUX_ALSA-2022-6602.NASL", "ALMA_LINUX_ALSA-2022-6838.NASL", "ALMA_LINUX_ALSA-2022-6854.NASL", "ALMA_LINUX_ALSA-2022-6878.NASL", "ALMA_LINUX_ALSA-2022-7020.NASL", "ALMA_LINUX_ALSA-2022-7023.NASL", "ALMA_LINUX_ALSA-2022-7024.NASL", "ALMA_LINUX_ALSA-2022-7026.NASL", "ALMA_LINUX_ALSA-2022-7089.NASL", "ALMA_LINUX_ALSA-2022-7090.NASL", "ALMA_LINUX_ALSA-2022-7105.NASL", "ALMA_LINUX_ALSA-2022-7106.NASL", "ALMA_LINUX_ALSA-2022-7108.NASL", "ALMA_LINUX_ALSA-2022-7129.NASL", "ALMA_LINUX_ALSA-2022-7314.NASL", "ALMA_LINUX_ALSA-2022-7514.NASL", "ALMA_LINUX_ALSA-2022-7519.NASL", "ALMA_LINUX_ALSA-2022-7524.NASL", "ALMA_LINUX_ALSA-2022-7529.NASL", "ALMA_LINUX_ALSA-2022-7581.NASL", "ALMA_LINUX_ALSA-2022-7592.NASL", "ALMA_LINUX_ALSA-2022-7593.NASL", "ALMA_LINUX_ALSA-2022-7622.NASL", "ALMA_LINUX_ALSA-2022-7633.NASL", "ALMA_LINUX_ALSA-2022-7648.NASL", "ALMA_LINUX_ALSA-2022-7700.NASL", "ALMA_LINUX_ALSA-2022-7715.NASL", "ALMA_LINUX_ALSA-2022-7720.NASL", "ALMA_LINUX_ALSA-2022-7745.NASL", "ALMA_LINUX_ALSA-2022-7793.NASL", "ALMA_LINUX_ALSA-2022-7928.NASL", "ALMA_LINUX_ALSA-2022-8011.NASL", "ALMA_LINUX_ALSA-2022-8054.NASL", "ALMA_LINUX_ALSA-2022-8057.NASL", "ALMA_LINUX_ALSA-2022-8062.NASL", "ALMA_LINUX_ALSA-2022-8070.NASL", "ALMA_LINUX_ALSA-2022-8098.NASL", "ALMA_LINUX_ALSA-2022-8250.NASL", "ALMA_LINUX_ALSA-2022-8291.NASL", "ALMA_LINUX_ALSA-2022-8340.NASL", "ALMA_LINUX_ALSA-2022-8353.NASL", "ALMA_LINUX_ALSA-2022-8361.NASL", "ALMA_LINUX_ALSA-2022-8453.NASL", "APPLE_IOS_154_CHECK.NBIN", "APPLE_IOS_155_CHECK.NBIN", "APPLE_IOS_161_CHECK.NBIN", "CENTOS8_RHSA-2021-5160.NASL", "CENTOS8_RHSA-2022-1764.NASL", "CENTOS8_RHSA-2022-1819.NASL", "CENTOS8_RHSA-2022-1821.NASL", "CENTOS8_RHSA-2022-5337.NASL", "CENTOS8_RHSA-2022-5775.NASL", "CENTOS8_RHSA-2022-7514.NASL", "CENTOS8_RHSA-2022-7519.NASL", "CENTOS8_RHSA-2022-7524.NASL", "CENTOS8_RHSA-2022-7529.NASL", "CENTOS8_RHSA-2022-7581.NASL", "CENTOS8_RHSA-2022-7592.NASL", "CENTOS8_RHSA-2022-7593.NASL", "CENTOS8_RHSA-2022-7622.NASL", "CENTOS8_RHSA-2022-7633.NASL", "CENTOS8_RHSA-2022-7648.NASL", "CENTOS8_RHSA-2022-7700.NASL", "CENTOS8_RHSA-2022-7704.NASL", "CENTOS8_RHSA-2022-7715.NASL", "CENTOS8_RHSA-2022-7720.NASL", "CENTOS8_RHSA-2022-7745.NASL", "CENTOS8_RHSA-2022-7793.NASL", "CENTOS_RHSA-2022-6834.NASL", "CENTOS_RHSA-2022-7088.NASL", "CENTOS_RHSA-2022-8640.NASL", "DEBIAN_DLA-2549.NASL", "DEBIAN_DLA-2891.NASL", "DEBIAN_DLA-2892.NASL", "DEBIAN_DLA-2974.NASL", "DEBIAN_DLA-2985.NASL", "DEBIAN_DLA-2986.NASL", "DEBIAN_DLA-3008.NASL", "DEBIAN_DLA-3070.NASL", "DEBIAN_DLA-3085.NASL", "DEBIAN_DLA-3103.NASL", "DEBIAN_DLA-3107.NASL", "DEBIAN_DLA-3119.NASL", "DEBIAN_DLA-3153.NASL", "DEBIAN_DLA-3204.NASL", "DEBIAN_DLA-3206.NASL", "DEBIAN_DLA-3213.NASL", "DEBIAN_DSA-5139.NASL", "DEBIAN_DSA-5154.NASL", "DEBIAN_DSA-5155.NASL", "DEBIAN_DSA-5169.NASL", "DEBIAN_DSA-5174.NASL", "DEBIAN_DSA-5182.NASL", "DEBIAN_DSA-5183.NASL", "DEBIAN_DSA-5197.NASL", "DEBIAN_DSA-5203.NASL", "DEBIAN_DSA-5218.NASL", "DEBIAN_DSA-5236.NASL", "DEBIAN_DSA-5255.NASL", "DEBIAN_DSA-5286.NASL", "DEBIAN_DSA-5287.NASL", "EULEROS_SA-2022-1345.NASL", "EULEROS_SA-2022-1428.NASL", "EULEROS_SA-2022-1449.NASL", "EULEROS_SA-2022-1487.NASL", "EULEROS_SA-2022-1506.NASL", "EULEROS_SA-2022-1532.NASL", "EULEROS_SA-2022-1534.NASL", "EULEROS_SA-2022-1548.NASL", "EULEROS_SA-2022-1566.NASL", "EULEROS_SA-2022-1581.NASL", "EULEROS_SA-2022-1582.NASL", "EULEROS_SA-2022-1650.NASL", "EULEROS_SA-2022-1664.NASL", "EULEROS_SA-2022-1692.NASL", "EULEROS_SA-2022-1713.NASL", "EULEROS_SA-2022-1720.NASL", "EULEROS_SA-2022-1757.NASL", "EULEROS_SA-2022-1776.NASL", "EULEROS_SA-2022-1788.NASL", "EULEROS_SA-2022-1805.NASL", "EULEROS_SA-2022-1841.NASL", "EULEROS_SA-2022-1865.NASL", "EULEROS_SA-2022-1887.NASL", "EULEROS_SA-2022-1890.NASL", "EULEROS_SA-2022-1909.NASL", "EULEROS_SA-2022-1919.NASL", "EULEROS_SA-2022-1924.NASL", "EULEROS_SA-2022-1925.NASL", "EULEROS_SA-2022-1928.NASL", "EULEROS_SA-2022-1943.NASL", "EULEROS_SA-2022-1944.NASL", "EULEROS_SA-2022-1945.NASL", "EULEROS_SA-2022-1962.NASL", "EULEROS_SA-2022-1964.NASL", "EULEROS_SA-2022-1977.NASL", "EULEROS_SA-2022-1978.NASL", "EULEROS_SA-2022-1992.NASL", "EULEROS_SA-2022-1994.NASL", "EULEROS_SA-2022-2007.NASL", "EULEROS_SA-2022-2008.NASL", "EULEROS_SA-2022-2035.NASL", "EULEROS_SA-2022-2063.NASL", "EULEROS_SA-2022-2088.NASL", "EULEROS_SA-2022-2098.NASL", "EULEROS_SA-2022-2099.NASL", "EULEROS_SA-2022-2108.NASL", "EULEROS_SA-2022-2118.NASL", "EULEROS_SA-2022-2119.NASL", "EULEROS_SA-2022-2130.NASL", "EULEROS_SA-2022-2143.NASL", "EULEROS_SA-2022-2144.NASL", "EULEROS_SA-2022-2155.NASL", "EULEROS_SA-2022-2168.NASL", "EULEROS_SA-2022-2169.NASL", "EULEROS_SA-2022-2215.NASL", "EULEROS_SA-2022-2228.NASL", "EULEROS_SA-2022-2237.NASL", "EULEROS_SA-2022-2239.NASL", "EULEROS_SA-2022-2247.NASL", "EULEROS_SA-2022-2250.NASL", "EULEROS_SA-2022-2252.NASL", "EULEROS_SA-2022-2260.NASL", "EULEROS_SA-2022-2263.NASL", "EULEROS_SA-2022-2276.NASL", "EULEROS_SA-2022-2282.NASL", "EULEROS_SA-2022-2287.NASL", "EULEROS_SA-2022-2288.NASL", "EULEROS_SA-2022-2300.NASL", "EULEROS_SA-2022-2301.NASL", "EULEROS_SA-2022-2307.NASL", "EULEROS_SA-2022-2310.NASL", "EULEROS_SA-2022-2316.NASL", "EULEROS_SA-2022-2317.NASL", "EULEROS_SA-2022-2329.NASL", "EULEROS_SA-2022-2330.NASL", "EULEROS_SA-2022-2336.NASL", "EULEROS_SA-2022-2341.NASL", "EULEROS_SA-2022-2342.NASL", "EULEROS_SA-2022-2343.NASL", "EULEROS_SA-2022-2344.NASL", "EULEROS_SA-2022-2360.NASL", "EULEROS_SA-2022-2361.NASL", "EULEROS_SA-2022-2362.NASL", "EULEROS_SA-2022-2369.NASL", "EULEROS_SA-2022-2378.NASL", "EULEROS_SA-2022-2379.NASL", "EULEROS_SA-2022-2380.NASL", "EULEROS_SA-2022-2396.NASL", "EULEROS_SA-2022-2397.NASL", "EULEROS_SA-2022-2398.NASL", "EULEROS_SA-2022-2405.NASL", "EULEROS_SA-2022-2413.NASL", "EULEROS_SA-2022-2419.NASL", "EULEROS_SA-2022-2426.NASL", "EULEROS_SA-2022-2432.NASL", "EULEROS_SA-2022-2439.NASL", "EULEROS_SA-2022-2446.NASL", "EULEROS_SA-2022-2454.NASL", "EULEROS_SA-2022-2460.NASL", "EULEROS_SA-2022-2461.NASL", "EULEROS_SA-2022-2462.NASL", "EULEROS_SA-2022-2471.NASL", "EULEROS_SA-2022-2476.NASL", "EULEROS_SA-2022-2482.NASL", "EULEROS_SA-2022-2485.NASL", "EULEROS_SA-2022-2493.NASL", "EULEROS_SA-2022-2497.NASL", "EULEROS_SA-2022-2525.NASL", "EULEROS_SA-2022-2529.NASL", "EULEROS_SA-2022-2541.NASL", "EULEROS_SA-2022-2542.NASL", "EULEROS_SA-2022-2548.NASL", "EULEROS_SA-2022-2549.NASL", "EULEROS_SA-2022-2553.NASL", "EULEROS_SA-2022-2557.NASL", "EULEROS_SA-2022-2578.NASL", "EULEROS_SA-2022-2579.NASL", "EULEROS_SA-2022-2580.NASL", "EULEROS_SA-2022-2585.NASL", "EULEROS_SA-2022-2586.NASL", "EULEROS_SA-2022-2594.NASL", "EULEROS_SA-2022-2600.NASL", "EULEROS_SA-2022-2629.NASL", "EULEROS_SA-2022-2632.NASL", "EULEROS_SA-2022-2639.NASL", "EULEROS_SA-2022-2641.NASL", "EULEROS_SA-2022-2647.NASL", "EULEROS_SA-2022-2649.NASL", "EULEROS_SA-2022-2650.NASL", "EULEROS_SA-2022-2651.NASL", "EULEROS_SA-2022-2659.NASL", "EULEROS_SA-2022-2664.NASL", "EULEROS_SA-2022-2669.NASL", "EULEROS_SA-2022-2670.NASL", "EULEROS_SA-2022-2673.NASL", "EULEROS_SA-2022-2679.NASL", "EULEROS_SA-2022-2681.NASL", "EULEROS_SA-2022-2682.NASL", "EULEROS_SA-2022-2683.NASL", "EULEROS_SA-2022-2691.NASL", "EULEROS_SA-2022-2696.NASL", "EULEROS_SA-2022-2701.NASL", "EULEROS_SA-2022-2702.NASL", "EULEROS_SA-2022-2705.NASL", "EULEROS_SA-2022-2709.NASL", "EULEROS_SA-2022-2710.NASL", "EULEROS_SA-2022-2715.NASL", "EULEROS_SA-2022-2723.NASL", "EULEROS_SA-2022-2727.NASL", "EULEROS_SA-2022-2728.NASL", "EULEROS_SA-2022-2730.NASL", "EULEROS_SA-2022-2736.NASL", "EULEROS_SA-2022-2742.NASL", "EULEROS_SA-2022-2744.NASL", "EULEROS_SA-2022-2746.NASL", "EULEROS_SA-2022-2751.NASL", "EULEROS_SA-2022-2752.NASL", "EULEROS_SA-2022-2758.NASL", "EULEROS_SA-2022-2762.NASL", "EULEROS_SA-2022-2763.NASL", "EULEROS_SA-2022-2765.NASL", "EULEROS_SA-2022-2771.NASL", "EULEROS_SA-2022-2777.NASL", "EULEROS_SA-2022-2779.NASL", "EULEROS_SA-2022-2781.NASL", "EULEROS_SA-2022-2786.NASL", "EULEROS_SA-2022-2787.NASL", "EULEROS_SA-2022-2794.NASL", "EULEROS_SA-2022-2797.NASL", "EULEROS_SA-2022-2804.NASL", "EULEROS_SA-2022-2805.NASL", "EULEROS_SA-2022-2812.NASL", "EULEROS_SA-2022-2816.NASL", "EULEROS_SA-2022-2819.NASL", "EULEROS_SA-2022-2820.NASL", "EULEROS_SA-2022-2837.NASL", "EULEROS_SA-2022-2841.NASL", "EULEROS_SA-2022-2844.NASL", "EULEROS_SA-2022-2845.NASL", "EULEROS_SA-2022-2852.NASL", "EULEROS_SA-2022-2864.NASL", "EULEROS_SA-2022-2868.NASL", "EULEROS_SA-2022-2872.NASL", "EULEROS_SA-2022-2877.NASL", "EULEROS_SA-2022-2879.NASL", "EULEROS_SA-2022-2882.NASL", "EULEROS_SA-2022-2886.NASL", "EULEROS_SA-2022-2890.NASL", "EULEROS_SA-2022-2895.NASL", "EULEROS_SA-2022-2897.NASL", "EULEROS_SA-2022-2902.NASL", "EULEROS_SA-2022-2903.NASL", "EULEROS_SA-2022-2904.NASL", "EULEROS_SA-2022-2911.NASL", "EULEROS_SA-2022-2916.NASL", "EULEROS_SA-2022-2921.NASL", "EULEROS_SA-2022-2922.NASL", "EULEROS_SA-2022-2924.NASL", "EULEROS_SA-2022-2928.NASL", "EULEROS_SA-2022-2929.NASL", "EULEROS_SA-2022-2930.NASL", "EULEROS_SA-2022-2937.NASL", "EULEROS_SA-2022-2942.NASL", "EULEROS_SA-2022-2947.NASL", "EULEROS_SA-2022-2948.NASL", "EULEROS_SA-2022-2950.NASL", "EULEROS_SA-2023-1061.NASL", "EULEROS_SA-2023-1086.NASL", "EULEROS_SA-2023-1094.NASL", "EULEROS_SA-2023-1112.NASL", "EULEROS_SA-2023-1118.NASL", "EULEROS_SA-2023-1136.NASL", "EULEROS_SA-2023-1145.NASL", "EULEROS_SA-2023-1160.NASL", "EULEROS_SA-2023-1166.NASL", "EULEROS_SA-2023-1181.NASL", "EULEROS_SA-2023-1187.NASL", "EULEROS_SA-2023-1190.NASL", "EULEROS_SA-2023-1192.NASL", "EULEROS_SA-2023-1197.NASL", "EULEROS_SA-2023-1203.NASL", "EULEROS_SA-2023-1205.NASL", "EULEROS_SA-2023-1206.NASL", "EULEROS_SA-2023-1210.NASL", "EULEROS_SA-2023-1211.NASL", "EULEROS_SA-2023-1217.NASL", "EULEROS_SA-2023-1220.NASL", "EULEROS_SA-2023-1222.NASL", "EULEROS_SA-2023-1227.NASL", "EULEROS_SA-2023-1233.NASL", "EULEROS_SA-2023-1235.NASL", "EULEROS_SA-2023-1236.NASL", "EULEROS_SA-2023-1240.NASL", "EULEROS_SA-2023-1241.NASL", "F5_BIGIP_SOL44454157.NASL", "FEDORA_2022-003403EC6B.NASL", "FEDORA_2022-15EC504440.NASL", "FEDORA_2022-3EF41C3410.NASL", "FEDORA_2022-78038A4441.NASL", "FEDORA_2022-7C13845B0D.NASL", "FEDORA_2022-88CEFEF88C.NASL", "FEDORA_2022-C22FEB71BA.NASL", "FEDORA_2022-C68D90EFC3.NASL", "FEDORA_2022-CBBD105D08.NASL", "FEDORA_2022-D1682FEF04.NASL", "FEDORA_2022-D680C70EBE.NASL", "FEDORA_2022-D93B3BD8B9.NASL", "FEDORA_2022-DBA9BA8E2B.NASL", "FEDORA_2022-E56085BA31.NASL", "FREEBSD_PKG_094E4A5B651111ED8C5E206A8A720317.NASL", "FREEBSD_PKG_096AB080907C11ECBB14002324B2FBA8.NASL", "FREEBSD_PKG_0A0670A13E1A11EDB48BE0D55E2A8BF9.NASL", "FREEBSD_PKG_15888C7EE65911ECB7FE10C37B4AC2EA.NASL", "FREEBSD_PKG_1CD0C17A17C011ED91A5080027F5FEC9.NASL", "FREEBSD_PKG_3F321A5AB33B11EC80C21BB2C6A00592.NASL", "FREEBSD_PKG_4B9C1C17587C11ED856ED4C9EF517024.NASL", "FREEBSD_PKG_4EEB93BFF20411EC8FBDD4C9EF517024.NASL", "FREEBSD_PKG_720505FE593F11EC9BA8002324B2FBA8.NASL", "FREEBSD_PKG_8E15060608C911ED856ED4C9EF517024.NASL", "FREEBSD_PKG_A1323A7628F111EDA72A002590C1F29C.NASL", "FREEBSD_PKG_A1360138D44611EC8EA110C37B4AC2EA.NASL", "FREEBSD_PKG_A28E8B7EFC7011EC856ED4C9EF517024.NASL", "FREEBSD_PKG_A4F2416C02A011EDB81710C37B4AC2EA.NASL", "FREEBSD_PKG_A58F3FDEE4E011EC83402D623369B8B5.NASL", "FREEBSD_PKG_AE5722A6F5F011EC856ED4C9EF517024.NASL", "FREEBSD_PKG_B9210706FEB011EC81FA1C697A616631.NASL", "FREEBSD_PKG_BC43A57814EC11ED856ED4C9EF517024.NASL", "FREEBSD_PKG_FCEB2B08CB7611ECA06FD4C9EF517024.NASL", "GENTOO_GLSA-202105-03.NASL", "GENTOO_GLSA-202208-02.NASL", "GENTOO_GLSA-202208-32.NASL", "GENTOO_GLSA-202208-39.NASL", "GENTOO_GLSA-202209-24.NASL", "GENTOO_GLSA-202210-02.NASL", "GENTOO_GLSA-202210-23.NASL", "GENTOO_GLSA-202210-42.NASL", "GENTOO_GLSA-202211-06.NASL", "GENTOO_GLSA-202212-01.NASL", "GENTOO_GLSA-202212-02.NASL", "GENTOO_GLSA-202212-07.NASL", "IBM_COGNOS_6828527.NASL", "ITUNES_12_12_3.NASL", "ITUNES_12_12_3_BANNER.NASL", "ITUNES_12_12_4.NASL", "ITUNES_12_12_4_BANNER.NASL", "MACOS_FIREFOX_107_0.NASL", "MACOS_HT213183.NASL", "MACOS_HT213184.NASL", "MACOS_HT213185.NASL", "MACOS_HT213257.NASL", "MACOS_HT213493.NASL", "MACOS_HT213494.NASL", "MOZILLA_FIREFOX_107_0.NASL", "MYSQL_5_7_39.NASL", "MYSQL_5_7_40.NASL", "MYSQL_8_0_30.NASL", "MYSQL_8_0_31.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_32.NASL", "NESSUS_TNS-2022-20.NASL", "NESSUS_TNS-2022-26.NASL", "NEWSTART_CGSL_NS-SA-2022-0079_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0100_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0102_PYTHON.NASL", "NODEJS_2022_JUL.NASL", "NUTANIX_NXSA-AOS-6_5_1_8.NASL", "OPENSSL_1_0_2ZE.NASL", "OPENSSL_1_0_2ZF.NASL", "OPENSSL_1_1_1O.NASL", "OPENSSL_1_1_1P.NASL", "OPENSSL_1_1_1Q.NASL", "OPENSSL_3_0_3.NASL", "OPENSSL_3_0_4.NASL", "OPENSSL_3_0_5.NASL", "OPENSUSE-2021-1626.NASL", "OPENSUSE-2021-4169.NASL", "OPENSUSE-2021-4186.NASL", "OPENSUSE-2022-0723-1.NASL", "OPENSUSE-2022-0724-1.NASL", "OPENSUSE-2022-1091-1.NASL", "OPENSUSE-2023-0018-1.NASL", "OPENSUSE-2023-0019-1.NASL", "OPENSUSE-2023-0020-1.NASL", "ORACLELINUX_ELSA-2021-5160.NASL", "ORACLELINUX_ELSA-2022-0001.NASL", "ORACLELINUX_ELSA-2022-14844.NASL", "ORACLELINUX_ELSA-2022-14857.NASL", "ORACLELINUX_ELSA-2022-1764.NASL", "ORACLELINUX_ELSA-2022-17956.NASL", "ORACLELINUX_ELSA-2022-1819.NASL", "ORACLELINUX_ELSA-2022-1821.NASL", "ORACLELINUX_ELSA-2022-23681.NASL", "ORACLELINUX_ELSA-2022-24267.NASL", "ORACLELINUX_ELSA-2022-5251.NASL", "ORACLELINUX_ELSA-2022-5337.NASL", "ORACLELINUX_ELSA-2022-5775.NASL", "ORACLELINUX_ELSA-2022-5799.NASL", "ORACLELINUX_ELSA-2022-5809.NASL", "ORACLELINUX_ELSA-2022-5813.NASL", "ORACLELINUX_ELSA-2022-5818.NASL", "ORACLELINUX_ELSA-2022-5942.NASL", "ORACLELINUX_ELSA-2022-6157.NASL", "ORACLELINUX_ELSA-2022-6159.NASL", "ORACLELINUX_ELSA-2022-6224.NASL", "ORACLELINUX_ELSA-2022-6457.NASL", "ORACLELINUX_ELSA-2022-6463.NASL", "ORACLELINUX_ELSA-2022-6834.NASL", "ORACLELINUX_ELSA-2022-6838.NASL", "ORACLELINUX_ELSA-2022-6854.NASL", "ORACLELINUX_ELSA-2022-6878.NASL", "ORACLELINUX_ELSA-2022-6997.NASL", "ORACLELINUX_ELSA-2022-6998.NASL", "ORACLELINUX_ELSA-2022-7020.NASL", "ORACLELINUX_ELSA-2022-7023.NASL", "ORACLELINUX_ELSA-2022-7024.NASL", "ORACLELINUX_ELSA-2022-7026.NASL", "ORACLELINUX_ELSA-2022-7088.NASL", "ORACLELINUX_ELSA-2022-7089.NASL", "ORACLELINUX_ELSA-2022-7090.NASL", "ORACLELINUX_ELSA-2022-7105.NASL", "ORACLELINUX_ELSA-2022-7106.NASL", "ORACLELINUX_ELSA-2022-7108.NASL", "ORACLELINUX_ELSA-2022-7129.NASL", "ORACLELINUX_ELSA-2022-7314.NASL", "ORACLELINUX_ELSA-2022-7514.NASL", "ORACLELINUX_ELSA-2022-7519.NASL", "ORACLELINUX_ELSA-2022-7524.NASL", "ORACLELINUX_ELSA-2022-7529.NASL", "ORACLELINUX_ELSA-2022-7581.NASL", "ORACLELINUX_ELSA-2022-7592.NASL", "ORACLELINUX_ELSA-2022-7593.NASL", "ORACLELINUX_ELSA-2022-7622.NASL", "ORACLELINUX_ELSA-2022-7633.NASL", "ORACLELINUX_ELSA-2022-7648.NASL", "ORACLELINUX_ELSA-2022-7700.NASL", "ORACLELINUX_ELSA-2022-7704.NASL", "ORACLELINUX_ELSA-2022-7715.NASL", "ORACLELINUX_ELSA-2022-7720.NASL", "ORACLELINUX_ELSA-2022-7745.NASL", "ORACLELINUX_ELSA-2022-7793.NASL", "ORACLELINUX_ELSA-2022-7928.NASL", "ORACLELINUX_ELSA-2022-8011.NASL", "ORACLELINUX_ELSA-2022-8054.NASL", "ORACLELINUX_ELSA-2022-8057.NASL", "ORACLELINUX_ELSA-2022-8062.NASL", "ORACLELINUX_ELSA-2022-8070.NASL", "ORACLELINUX_ELSA-2022-8250.NASL", "ORACLELINUX_ELSA-2022-8252.NASL", "ORACLELINUX_ELSA-2022-8291.NASL", "ORACLELINUX_ELSA-2022-8340.NASL", "ORACLELINUX_ELSA-2022-8353.NASL", "ORACLELINUX_ELSA-2022-8361.NASL", "ORACLELINUX_ELSA-2022-8453.NASL", "ORACLELINUX_ELSA-2022-8637.NASL", "ORACLELINUX_ELSA-2022-8638.NASL", "ORACLELINUX_ELSA-2022-8640.NASL", "ORACLELINUX_ELSA-2022-9683.NASL", "ORACLELINUX_ELSA-2022-9751.NASL", "ORACLELINUX_ELSA-2022-9962.NASL", "ORACLELINUX_ELSA-2022-9967.NASL", "ORACLELINUX_ELSA-2022-9987.NASL", "ORACLELINUX_ELSA-2022-9988.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JUL_2022.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_OCT_2022.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "REDHAT-RHSA-2021-3254.NASL", "REDHAT-RHSA-2021-5160.NASL", "REDHAT-RHSA-2021-5176.NASL", "REDHAT-RHSA-2022-0001.NASL", "REDHAT-RHSA-2022-0002.NASL", "REDHAT-RHSA-2022-0055.NASL", "REDHAT-RHSA-2022-0237.NASL", "REDHAT-RHSA-2022-0260.NASL", "REDHAT-RHSA-2022-0557.NASL", "REDHAT-RHSA-2022-0927.NASL", "REDHAT-RHSA-2022-1628.NASL", "REDHAT-RHSA-2022-1663.NASL", "REDHAT-RHSA-2022-1764.NASL", "REDHAT-RHSA-2022-1819.NASL", "REDHAT-RHSA-2022-1821.NASL", "REDHAT-RHSA-2022-5004.NASL", "REDHAT-RHSA-2022-5068.NASL", "REDHAT-RHSA-2022-5251.NASL", "REDHAT-RHSA-2022-5337.NASL", "REDHAT-RHSA-2022-5729.NASL", "REDHAT-RHSA-2022-5775.NASL", "REDHAT-RHSA-2022-5799.NASL", "REDHAT-RHSA-2022-5809.NASL", "REDHAT-RHSA-2022-5813.NASL", "REDHAT-RHSA-2022-5818.NASL", "REDHAT-RHSA-2022-5866.NASL", "REDHAT-RHSA-2022-5942.NASL", "REDHAT-RHSA-2022-6061.NASL", "REDHAT-RHSA-2022-6062.NASL", "REDHAT-RHSA-2022-6065.NASL", "REDHAT-RHSA-2022-6066.NASL", "REDHAT-RHSA-2022-6094.NASL", "REDHAT-RHSA-2022-6102.NASL", "REDHAT-RHSA-2022-6157.NASL", "REDHAT-RHSA-2022-6159.NASL", "REDHAT-RHSA-2022-6224.NASL", "REDHAT-RHSA-2022-6277.NASL", "REDHAT-RHSA-2022-6457.NASL", "REDHAT-RHSA-2022-6463.NASL", "REDHAT-RHSA-2022-6535.NASL", "REDHAT-RHSA-2022-6602.NASL", "REDHAT-RHSA-2022-6766.NASL", "REDHAT-RHSA-2022-6831.NASL", "REDHAT-RHSA-2022-6832.NASL", "REDHAT-RHSA-2022-6833.NASL", "REDHAT-RHSA-2022-6834.NASL", "REDHAT-RHSA-2022-6838.NASL", "REDHAT-RHSA-2022-6854.NASL", "REDHAT-RHSA-2022-6878.NASL", "REDHAT-RHSA-2022-6921.NASL", "REDHAT-RHSA-2022-6967.NASL", "REDHAT-RHSA-2022-6995.NASL", "REDHAT-RHSA-2022-6996.NASL", "REDHAT-RHSA-2022-6997.NASL", "REDHAT-RHSA-2022-6998.NASL", "REDHAT-RHSA-2022-7019.NASL", "REDHAT-RHSA-2022-7020.NASL", "REDHAT-RHSA-2022-7021.NASL", "REDHAT-RHSA-2022-7022.NASL", "REDHAT-RHSA-2022-7023.NASL", "REDHAT-RHSA-2022-7024.NASL", "REDHAT-RHSA-2022-7025.NASL", "REDHAT-RHSA-2022-7026.NASL", "REDHAT-RHSA-2022-7088.NASL", "REDHAT-RHSA-2022-7089.NASL", "REDHAT-RHSA-2022-7090.NASL", "REDHAT-RHSA-2022-7105.NASL", "REDHAT-RHSA-2022-7106.NASL", "REDHAT-RHSA-2022-7108.NASL", "REDHAT-RHSA-2022-7129.NASL", "REDHAT-RHSA-2022-7209.NASL", "REDHAT-RHSA-2022-7283.NASL", "REDHAT-RHSA-2022-7314.NASL", "REDHAT-RHSA-2022-7514.NASL", "REDHAT-RHSA-2022-7519.NASL", "REDHAT-RHSA-2022-7524.NASL", "REDHAT-RHSA-2022-7529.NASL", "REDHAT-RHSA-2022-7581.NASL", "REDHAT-RHSA-2022-7592.NASL", "REDHAT-RHSA-2022-7593.NASL", "REDHAT-RHSA-2022-7622.NASL", "REDHAT-RHSA-2022-7633.NASL", "REDHAT-RHSA-2022-7648.NASL", "REDHAT-RHSA-2022-7700.NASL", "REDHAT-RHSA-2022-7704.NASL", "REDHAT-RHSA-2022-7715.NASL", "REDHAT-RHSA-2022-7720.NASL", "REDHAT-RHSA-2022-7745.NASL", "REDHAT-RHSA-2022-7793.NASL", "REDHAT-RHSA-2022-7927.NASL", "REDHAT-RHSA-2022-7928.NASL", "REDHAT-RHSA-2022-8011.NASL", "REDHAT-RHSA-2022-8054.NASL", "REDHAT-RHSA-2022-8057.NASL", "REDHAT-RHSA-2022-8062.NASL", "REDHAT-RHSA-2022-8070.NASL", "REDHAT-RHSA-2022-8098.NASL", "REDHAT-RHSA-2022-8250.NASL", "REDHAT-RHSA-2022-8252.NASL", "REDHAT-RHSA-2022-8291.NASL", "REDHAT-RHSA-2022-8340.NASL", "REDHAT-RHSA-2022-8353.NASL", "REDHAT-RHSA-2022-8361.NASL", "REDHAT-RHSA-2022-8453.NASL", "REDHAT-RHSA-2022-8598.NASL", "REDHAT-RHSA-2022-8626.NASL", "REDHAT-RHSA-2022-8637.NASL", "REDHAT-RHSA-2022-8638.NASL", "REDHAT-RHSA-2022-8639.NASL", "REDHAT-RHSA-2022-8640.NASL", "REDHAT-RHSA-2022-8641.NASL", "REDHAT-RHSA-2022-8648.NASL", "REDHAT-RHSA-2022-8662.NASL", "REDHAT-RHSA-2022-8663.NASL", "REDHAT-RHSA-2022-8669.NASL", "REDHAT-RHSA-2022-8840.NASL", "REDHAT-RHSA-2022-8917.NASL", "REDHAT-RHSA-2022-9029.NASL", "ROCKY_LINUX_RLSA-2022-5813.NASL", "ROCKY_LINUX_RLSA-2022-6159.NASL", "ROCKY_LINUX_RLSA-2022-7023.NASL", "ROCKY_LINUX_RLSA-2022-7024.NASL", "ROCKY_LINUX_RLSA-2022-7105.NASL", "ROCKY_LINUX_RLSA-2022-7106.NASL", "ROCKY_LINUX_RLSA-2022-7700.NASL", "ROCKY_LINUX_RLSA-2022-7704.NASL", "ROCKY_LINUX_RLSA-2022-7715.NASL", "ROCKY_LINUX_RLSA-2022-7720.NASL", "ROCKY_LINUX_RLSA-2022-7745.NASL", "ROCKY_LINUX_RLSA-2022-8638.NASL", "SAMBA_CVE_2022-42898.NASL", "SLACKWARE_SSA_2022-124-02.NASL", "SLACKWARE_SSA_2022-174-01.NASL", "SLACKWARE_SSA_2022-179-01.NASL", "SLACKWARE_SSA_2022-179-03.NASL", "SLACKWARE_SSA_2022-186-01.NASL", "SLACKWARE_SSA_2022-188-01.NASL", "SLACKWARE_SSA_2022-210-01.NASL", "SLACKWARE_SSA_2022-263-01.NASL", "SLACKWARE_SSA_2022-269-01.NASL", "SLACKWARE_SSA_2022-286-01.NASL", "SLACKWARE_SSA_2022-288-01.NASL", "SLACKWARE_SSA_2022-320-01.NASL", "SLACKWARE_SSA_2022-320-04.NASL", "SLACKWARE_SSA_2022-341-01.NASL", "SL_20221006_EXPAT_ON_SL7_X.NASL", "SL_20221019_FIREFOX_ON_SL7_X.NASL", "SL_20221019_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-4169-1.NASL", "SUSE_SU-2021-4186-1.NASL", "SUSE_SU-2022-0723-1.NASL", "SUSE_SU-2022-0724-1.NASL", "SUSE_SU-2022-0882-1.NASL", "SUSE_SU-2022-1091-1.NASL", "SUSE_SU-2022-1140-1.NASL", "SUSE_SU-2022-1288-1.NASL", "SUSE_SU-2022-1289-1.NASL", "SUSE_SU-2022-1307-1.NASL", "SUSE_SU-2022-1431-1.NASL", "SUSE_SU-2022-14941-1.NASL", "SUSE_SU-2022-1511-1.NASL", "SUSE_SU-2022-1652-1.NASL", "SUSE_SU-2022-1677-1.NASL", "SUSE_SU-2022-1688-1.NASL", "SUSE_SU-2022-1695-1.NASL", "SUSE_SU-2022-1718-1.NASL", "SUSE_SU-2022-1746-1.NASL", "SUSE_SU-2022-1829-1.NASL", "SUSE_SU-2022-1836-1.NASL", "SUSE_SU-2022-1844-1.NASL", "SUSE_SU-2022-1845-1.NASL", "SUSE_SU-2022-1862-1.NASL", "SUSE_SU-2022-1883-1.NASL", "SUSE_SU-2022-1898-1.NASL", "SUSE_SU-2022-2004-1.NASL", "SUSE_SU-2022-2005-1.NASL", "SUSE_SU-2022-2029-1.NASL", "SUSE_SU-2022-2030-1.NASL", "SUSE_SU-2022-2068-1.NASL", "SUSE_SU-2022-2071-1.NASL", "SUSE_SU-2022-2072-1.NASL", "SUSE_SU-2022-2075-1.NASL", "SUSE_SU-2022-2089-1.NASL", "SUSE_SU-2022-2098-1.NASL", "SUSE_SU-2022-2102-1.NASL", "SUSE_SU-2022-2106-1.NASL", "SUSE_SU-2022-2147-1.NASL", "SUSE_SU-2022-2166-1.NASL", "SUSE_SU-2022-2174-1.NASL", "SUSE_SU-2022-2179-1.NASL", "SUSE_SU-2022-2180-1.NASL", "SUSE_SU-2022-2181-1.NASL", "SUSE_SU-2022-2182-1.NASL", "SUSE_SU-2022-2197-1.NASL", "SUSE_SU-2022-2251-1.NASL", "SUSE_SU-2022-2288-1.NASL", "SUSE_SU-2022-2291-1.NASL", "SUSE_SU-2022-2305-1.NASL", "SUSE_SU-2022-2306-1.NASL", "SUSE_SU-2022-2308-1.NASL", "SUSE_SU-2022-2309-1.NASL", "SUSE_SU-2022-2311-1.NASL", "SUSE_SU-2022-2312-1.NASL", "SUSE_SU-2022-2321-1.NASL", "SUSE_SU-2022-2327-1.NASL", "SUSE_SU-2022-2328-1.NASL", "SUSE_SU-2022-2334-1.NASL", "SUSE_SU-2022-2344-1.NASL", "SUSE_SU-2022-2351-1.NASL", "SUSE_SU-2022-2356-1.NASL", "SUSE_SU-2022-2357-1.NASL", "SUSE_SU-2022-2360-1.NASL", "SUSE_SU-2022-2361-1.NASL", "SUSE_SU-2022-2417-1.NASL", "SUSE_SU-2022-2522-1.NASL", "SUSE_SU-2022-2523-1.NASL", "SUSE_SU-2022-2524-1.NASL", "SUSE_SU-2022-2525-1.NASL", "SUSE_SU-2022-2529-1.NASL", "SUSE_SU-2022-2546-1.NASL", "SUSE_SU-2022-2671-1.NASL", "SUSE_SU-2022-2672-1.NASL", "SUSE_SU-2022-2813-1.NASL", "SUSE_SU-2022-2829-1.NASL", "SUSE_SU-2022-2830-1.NASL", "SUSE_SU-2022-2845-1.NASL", "SUSE_SU-2022-2846-1.NASL", "SUSE_SU-2022-2847-1.NASL", "SUSE_SU-2022-2882-1.NASL", "SUSE_SU-2022-2919-1.NASL", "SUSE_SU-2022-2947-1.NASL", "SUSE_SU-2022-3144-1.NASL", "SUSE_SU-2022-3162-1.NASL", "SUSE_SU-2022-3252-1.NASL", "SUSE_SU-2022-3252-2.NASL", "SUSE_SU-2022-3321-1.NASL", "SUSE_SU-2022-3333-1.NASL", "SUSE_SU-2022-3466-1.NASL", "SUSE_SU-2022-3489-1.NASL", "SUSE_SU-2022-3597-1.NASL", "SUSE_SU-2022-3681-1.NASL", "SUSE_SU-2022-3683-1.NASL", "SUSE_SU-2022-3717-1.NASL", "SUSE_SU-2022-3871-1.NASL", "SUSE_SU-2022-4153-1.NASL", "SUSE_SU-2022-4154-1.NASL", "SUSE_SU-2022-4155-1.NASL", "SUSE_SU-2022-4167-1.NASL", "SUSE_SU-2022-4335-1.NASL", "SUSE_SU-2022-4395-1.NASL", "SUSE_SU-2022-4619-1.NASL", "SUSE_SU-2023-0081-1.NASL", "UBUNTU_USN-5262-1.NASL", "UBUNTU_USN-5342-1.NASL", "UBUNTU_USN-5366-1.NASL", "UBUNTU_USN-5366-2.NASL", "UBUNTU_USN-5394-1.NASL", "UBUNTU_USN-5402-1.NASL", "UBUNTU_USN-5402-2.NASL", "UBUNTU_USN-5408-1.NASL", "UBUNTU_USN-5453-1.NASL", "UBUNTU_USN-5457-1.NASL", "UBUNTU_USN-5464-1.NASL", "UBUNTU_USN-5488-1.NASL", "UBUNTU_USN-5488-2.NASL", "UBUNTU_USN-5495-1.NASL", "UBUNTU_USN-5498-1.NASL", "UBUNTU_USN-5499-1.NASL", "UBUNTU_USN-5502-1.NASL", "UBUNTU_USN-5503-1.NASL", "UBUNTU_USN-5503-2.NASL", "UBUNTU_USN-5507-1.NASL", "UBUNTU_USN-5519-1.NASL", "UBUNTU_USN-5522-1.NASL", "UBUNTU_USN-5528-1.NASL", "UBUNTU_USN-5548-1.NASL", "UBUNTU_USN-5550-1.NASL", "UBUNTU_USN-5569-1.NASL", "UBUNTU_USN-5570-1.NASL", "UBUNTU_USN-5570-2.NASL", "UBUNTU_USN-5573-1.NASL", "UBUNTU_USN-5615-1.NASL", "UBUNTU_USN-5615-2.NASL", "UBUNTU_USN-5627-1.NASL", "UBUNTU_USN-5638-1.NASL", "UBUNTU_USN-5638-2.NASL", "UBUNTU_USN-5688-1.NASL", "UBUNTU_USN-5688-2.NASL", "UBUNTU_USN-5726-1.NASL", "UBUNTU_USN-5800-1.NASL", "ZIMBRA_9_0_0_P26.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:JULY-2022-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-AND-ZLIB-VULNERABILITY-ASSESSMENT", "NODEJSBLOG:OPENSSL-FIXES-IN-REGULAR-RELEASES-JUN2022", "NODEJSBLOG:OPENSSL-FIXES-IN-REGULAR-RELEASES-MAY2022"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2022-1292", "OPENSSL:CVE-2022-2068", "OPENSSL:CVE-2022-2097"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-5160", "ELSA-2022-0001", "ELSA-2022-14844", "ELSA-2022-14857", "ELSA-2022-1764", "ELSA-2022-17956", "ELSA-2022-1819", "ELSA-2022-1821", "ELSA-2022-23681", "ELSA-2022-24267", "ELSA-2022-5251", "ELSA-2022-5337", "ELSA-2022-5775", "ELSA-2022-5799", "ELSA-2022-5809", "ELSA-2022-5813", "ELSA-2022-5818", "ELSA-2022-5942", "ELSA-2022-6157", "ELSA-2022-6159", "ELSA-2022-6224", "ELSA-2022-6457", "ELSA-2022-6463", "ELSA-2022-6602", "ELSA-2022-6834", "ELSA-2022-6838", "ELSA-2022-6854", "ELSA-2022-6878", "ELSA-2022-6997", "ELSA-2022-6998", "ELSA-2022-7020", "ELSA-2022-7023", "ELSA-2022-7024", "ELSA-2022-7026", "ELSA-2022-7088", "ELSA-2022-7089", "ELSA-2022-7090", "ELSA-2022-7105", "ELSA-2022-7106", "ELSA-2022-7108", "ELSA-2022-7129", "ELSA-2022-7314", "ELSA-2022-7514", "ELSA-2022-7519", "ELSA-2022-7524", "ELSA-2022-7529", "ELSA-2022-7581", "ELSA-2022-7592", "ELSA-2022-7593", "ELSA-2022-7622", "ELSA-2022-7633", "ELSA-2022-7648", "ELSA-2022-7700", "ELSA-2022-7704", "ELSA-2022-7715", "ELSA-2022-7720", "ELSA-2022-7745", "ELSA-2022-7793", "ELSA-2022-7928", "ELSA-2022-8011", "ELSA-2022-8054", "ELSA-2022-8057", "ELSA-2022-8062", "ELSA-2022-8070", "ELSA-2022-8250", "ELSA-2022-8252", "ELSA-2022-8291", "ELSA-2022-8340", "ELSA-2022-8353", "ELSA-2022-8361", "ELSA-2022-8453", "ELSA-2022-8637", "ELSA-2022-8638", "ELSA-2022-8640", "ELSA-2022-9683", "ELSA-2022-9751", "ELSA-2022-9962", "ELSA-2022-9967", "ELSA-2022-9987", "ELSA-2022-9988"]}, {"type": "osv", "idList": ["OSV:ASB-A-152874864", "OSV:ASB-A-158063095", "OSV:CVE-2015-20107", "OSV:CVE-2016-3709", "OSV:CVE-2022-1292", "OSV:CVE-2022-1586", "OSV:CVE-2022-2097", "OSV:CVE-2022-30698", "OSV:CVE-2022-30699", "OSV:CVE-2022-32206", "OSV:CVE-2022-32208", "OSV:CVE-2022-3515", "OSV:CVE-2022-37434", "OSV:CVE-2022-40674", "OSV:CVE-2022-42898", "OSV:DLA-2549-1", "OSV:DLA-2891-1", "OSV:DLA-2892-1", "OSV:DLA-2974-1", "OSV:DLA-2985-1", "OSV:DLA-2986-1", "OSV:DLA-3008-1", "OSV:DLA-3070-1", "OSV:DLA-3085-1", "OSV:DLA-3103-1", "OSV:DLA-3107-1", "OSV:DLA-3119-1", "OSV:DLA-3153-1", "OSV:DLA-3204-1", "OSV:DLA-3206-1", "OSV:DLA-3213-1", "OSV:DSA-5115-1", "OSV:DSA-5116-1", "OSV:DSA-5139-1", "OSV:DSA-5154-1", "OSV:DSA-5155-1", "OSV:DSA-5169-1", "OSV:DSA-5174-1", "OSV:DSA-5182-1", "OSV:DSA-5183-1", "OSV:DSA-5197-1", "OSV:DSA-5203-1", "OSV:DSA-5218-1", "OSV:DSA-5236-1", "OSV:DSA-5255-1", "OSV:DSA-5286-1", "OSV:DSA-5287-1", "OSV:GHSA-3WX7-46CH-7RQ2", "OSV:GHSA-CVX8-PPMC-78HM", "OSV:GHSA-JJ47-X69X-MXRM", "OSV:GHSA-M7VP-HQWV-7M5X", "OSV:GO-2021-0113", "OSV:GO-2021-0317", "OSV:GO-2021-0319", "OSV:GO-2022-0288", "OSV:GO-2022-0289", "OSV:GO-2022-0318", "OSV:GO-2022-0493", "OSV:GO-2022-0515", "OSV:GO-2022-0520", "OSV:GO-2022-0521", "OSV:GO-2022-0522", "OSV:GO-2022-0523", "OSV:GO-2022-0524", "OSV:GO-2022-0525", "OSV:GO-2022-0526", "OSV:GO-2022-0527", "OSV:GO-2022-0531", "OSV:GSD-2022-1002526", "OSV:GSD-2022-2274", "OSV:RUSTSEC-2022-0032"]}, {"type": "photon", "idList": ["PHSA-2022-0154", "PHSA-2022-0159", "PHSA-2022-0185", "PHSA-2022-0199", "PHSA-2022-0202", "PHSA-2022-0207", "PHSA-2022-0213", "PHSA-2022-0214", "PHSA-2022-0218", "PHSA-2022-0232", "PHSA-2022-0236", "PHSA-2022-0242", "PHSA-2022-0249", "PHSA-2022-0361", "PHSA-2022-0364", "PHSA-2022-0367", "PHSA-2022-0392", "PHSA-2022-0394", "PHSA-2022-0399", "PHSA-2022-0404", "PHSA-2022-0406", "PHSA-2022-0408", "PHSA-2022-0412", "PHSA-2022-0415", "PHSA-2022-0428", "PHSA-2022-0436", "PHSA-2022-0440", "PHSA-2022-0445", "PHSA-2022-0456", "PHSA-2022-0475", "PHSA-2022-0476", "PHSA-2022-0477", "PHSA-2022-0487", "PHSA-2022-0490", "PHSA-2022-0491", "PHSA-2022-0493", "PHSA-2022-0498", "PHSA-2022-0501", "PHSA-2022-0508", "PHSA-2022-0511", "PHSA-2022-0512", "PHSA-2022-0520", "PHSA-2022-0524", "PHSA-2023-0315", "PHSA-2023-0518"]}, {"type": "qt", "idList": ["QT:8AD6E9923B01E6FF01A97418325ED4E9", "QT:E58364D8D67B3149D47C5094977BC663"]}, {"type": "redhat", "idList": ["RHSA-2021:3254", "RHSA-2021:5160", "RHSA-2021:5176", "RHSA-2022:0001", "RHSA-2022:0002", "RHSA-2022:0055", "RHSA-2022:0056", "RHSA-2022:0163", "RHSA-2022:0237", "RHSA-2022:0260", "RHSA-2022:0557", "RHSA-2022:0585", "RHSA-2022:0587", "RHSA-2022:0842", "RHSA-2022:0855", "RHSA-2022:0927", "RHSA-2022:0947", "RHSA-2022:1051", "RHSA-2022:1056", "RHSA-2022:1081", "RHSA-2022:1361", "RHSA-2022:1372", "RHSA-2022:1396", "RHSA-2022:1628", "RHSA-2022:1663", "RHSA-2022:1734", "RHSA-2022:1764", "RHSA-2022:1819", "RHSA-2022:1821", "RHSA-2022:4860", "RHSA-2022:4863", "RHSA-2022:4956", "RHSA-2022:5004", "RHSA-2022:5006", "RHSA-2022:5068", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5201", "RHSA-2022:5251", "RHSA-2022:5337", "RHSA-2022:5392", "RHSA-2022:5525", "RHSA-2022:5556", "RHSA-2022:5699", "RHSA-2022:5729", "RHSA-2022:5730", "RHSA-2022:5775", "RHSA-2022:5799", "RHSA-2022:5809", "RHSA-2022:5813", "RHSA-2022:5818", "RHSA-2022:5840", "RHSA-2022:5866", "RHSA-2022:5875", "RHSA-2022:5879", "RHSA-2022:5908", "RHSA-2022:5909", "RHSA-2022:5923", "RHSA-2022:5924", "RHSA-2022:5942", "RHSA-2022:6024", "RHSA-2022:6040", "RHSA-2022:6042", "RHSA-2022:6051", "RHSA-2022:6053", "RHSA-2022:6061", "RHSA-2022:6062", "RHSA-2022:6065", "RHSA-2022:6066", "RHSA-2022:6094", "RHSA-2022:6102", "RHSA-2022:6103", "RHSA-2022:6113", "RHSA-2022:6152", "RHSA-2022:6155", "RHSA-2022:6156", "RHSA-2022:6157", "RHSA-2022:6159", "RHSA-2022:6182", "RHSA-2022:6183", "RHSA-2022:6184", "RHSA-2022:6187", "RHSA-2022:6188", "RHSA-2022:6224", "RHSA-2022:6262", "RHSA-2022:6263", "RHSA-2022:6271", "RHSA-2022:6277", "RHSA-2022:6283", "RHSA-2022:6287", "RHSA-2022:6290", "RHSA-2022:6308", "RHSA-2022:6318", "RHSA-2022:6344", "RHSA-2022:6345", "RHSA-2022:6346", "RHSA-2022:6347", "RHSA-2022:6348", "RHSA-2022:6351", "RHSA-2022:6370", "RHSA-2022:6422", "RHSA-2022:6429", "RHSA-2022:6430", "RHSA-2022:6457", "RHSA-2022:6463", "RHSA-2022:6507", "RHSA-2022:6517", "RHSA-2022:6526", "RHSA-2022:6535", "RHSA-2022:6536", "RHSA-2022:6537", "RHSA-2022:6560", "RHSA-2022:6602", "RHSA-2022:6681", "RHSA-2022:6696", "RHSA-2022:6714", "RHSA-2022:6766", "RHSA-2022:6831", "RHSA-2022:6832", "RHSA-2022:6833", "RHSA-2022:6834", "RHSA-2022:6838", "RHSA-2022:6854", "RHSA-2022:6878", "RHSA-2022:6882", "RHSA-2022:6890", "RHSA-2022:6905", "RHSA-2022:6921", "RHSA-2022:6954", "RHSA-2022:6967", "RHSA-2022:6995", "RHSA-2022:6996", "RHSA-2022:6997", "RHSA-2022:6998", "RHSA-2022:7019", "RHSA-2022:7020", "RHSA-2022:7021", "RHSA-2022:7022", "RHSA-2022:7023", "RHSA-2022:7024", "RHSA-2022:7025", "RHSA-2022:7026", "RHSA-2022:7055", "RHSA-2022:7058", "RHSA-2022:7088", "RHSA-2022:7089", "RHSA-2022:7090", "RHSA-2022:7105", "RHSA-2022:7106", "RHSA-2022:7108", "RHSA-2022:7129", "RHSA-2022:7201", "RHSA-2022:7209", "RHSA-2022:7261", "RHSA-2022:7276", "RHSA-2022:7283", "RHSA-2022:7313", "RHSA-2022:7314", "RHSA-2022:7398", "RHSA-2022:7399", "RHSA-2022:7401", "RHSA-2022:7407", "RHSA-2022:7434", "RHSA-2022:7435", "RHSA-2022:7514", "RHSA-2022:7519", "RHSA-2022:7524", "RHSA-2022:7529", "RHSA-2022:7581", "RHSA-2022:7592", "RHSA-2022:7593", "RHSA-2022:7622", "RHSA-2022:7633", "RHSA-2022:7648", "RHSA-2022:7700", "RHSA-2022:7704", "RHSA-2022:7715", "RHSA-2022:7720", "RHSA-2022:7745", "RHSA-2022:7793", "RHSA-2022:7927", "RHSA-2022:7928", "RHSA-2022:8011", "RHSA-2022:8054", "RHSA-2022:8057", "RHSA-2022:8062", "RHSA-2022:8070", "RHSA-2022:8098", "RHSA-2022:8250", "RHSA-2022:8252", "RHSA-2022:8291", "RHSA-2022:8340", "RHSA-2022:8353", "RHSA-2022:8361", "RHSA-2022:8453", "RHSA-2022:8598", "RHSA-2022:8609", "RHSA-2022:8626", "RHSA-2022:8634", "RHSA-2022:8637", "RHSA-2022:8638", "RHSA-2022:8639", "RHSA-2022:8640", "RHSA-2022:8641", "RHSA-2022:8648", "RHSA-2022:8662", "RHSA-2022:8663", "RHSA-2022:8669", "RHSA-2022:8750", "RHSA-2022:8781", "RHSA-2022:8827", "RHSA-2022:8840", "RHSA-2022:8841", "RHSA-2022:8889", "RHSA-2022:8893", "RHSA-2022:8913", "RHSA-2022:8917", "RHSA-2022:8938", "RHSA-2022:8964", "RHSA-2022:9029", "RHSA-2022:9040", "RHSA-2022:9047", "RHSA-2023:0245", "RHSA-2023:0407"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-3709", "RH:CVE-2020-0256", "RH:CVE-2020-35525", "RH:CVE-2020-35527", "RH:CVE-2021-0308", "RH:CVE-2021-38561", "RH:CVE-2021-44716", "RH:CVE-2021-44717", "RH:CVE-2022-0391", "RH:CVE-2022-0934", "RH:CVE-2022-1292", "RH:CVE-2022-1304", "RH:CVE-2022-1586", "RH:CVE-2022-1705", "RH:CVE-2022-1785", "RH:CVE-2022-1798", "RH:CVE-2022-1897", "RH:CVE-2022-1927", "RH:CVE-2022-1962", "RH:CVE-2022-2068", "RH:CVE-2022-2097", "RH:CVE-2022-22624", "RH:CVE-2022-22628", "RH:CVE-2022-22629", "RH:CVE-2022-22662", "RH:CVE-2022-23772", "RH:CVE-2022-23773", "RH:CVE-2022-23806", "RH:CVE-2022-24795", "RH:CVE-2022-2509", "RH:CVE-2022-25308", "RH:CVE-2022-25309", "RH:CVE-2022-25310", "RH:CVE-2022-26700", "RH:CVE-2022-26709", "RH:CVE-2022-26710", "RH:CVE-2022-26716", "RH:CVE-2022-26717", "RH:CVE-2022-26719", "RH:CVE-2022-27404", "RH:CVE-2022-27405", "RH:CVE-2022-27406", "RH:CVE-2022-28131", "RH:CVE-2022-29526", "RH:CVE-2022-30293", "RH:CVE-2022-30294", "RH:CVE-2022-30629", "RH:CVE-2022-30630", "RH:CVE-2022-30631", "RH:CVE-2022-30632", "RH:CVE-2022-30633", "RH:CVE-2022-30635", "RH:CVE-2022-30698", "RH:CVE-2022-30699", "RH:CVE-2022-32148", "RH:CVE-2022-32206", "RH:CVE-2022-32208", "RH:CVE-2022-34903", "RH:CVE-2022-3515", "RH:CVE-2022-37434", "RH:CVE-2022-3787", "RH:CVE-2022-40674", "RH:CVE-2022-42898"]}, {"type": "redos", "idList": ["ROS-20220407-03", "ROS-20220524-01"]}, {"type": "rocky", "idList": ["RLSA-2022:1819", "RLSA-2022:5337", "RLSA-2022:5775", "RLSA-2022:5809", "RLSA-2022:5813", "RLSA-2022:5818", "RLSA-2022:6159", "RLSA-2022:6463", "RLSA-2022:6878", "RLSA-2022:7023", "RLSA-2022:7024", "RLSA-2022:7089", "RLSA-2022:7105", "RLSA-2022:7106", "RLSA-2022:7108", "RLSA-2022:7514", "RLSA-2022:7524", "RLSA-2022:7622", "RLSA-2022:7633", "RLSA-2022:7700", "RLSA-2022:7704", "RLSA-2022:7715", "RLSA-2022:7720", "RLSA-2022:7745", "RLSA-2022:8638"]}, {"type": "rustsec", "idList": ["RUSTSEC-2022-0032"]}, {"type": "samba", "idList": ["SAMBA:CVE-2022-42898"]}, {"type": "slackware", "idList": ["SSA-2022-124-02", "SSA-2022-174-01", "SSA-2022-179-01", "SSA-2022-179-03", "SSA-2022-186-01", "SSA-2022-188-01", "SSA-2022-210-01", "SSA-2022-263-01", "SSA-2022-269-01", "SSA-2022-286-01", "SSA-2022-288-01", "SSA-2022-320-01", "SSA-2022-320-04", "SSA-2022-341-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1626-1", "OPENSUSE-SU-2021:4169-1", "OPENSUSE-SU-2021:4186-1", "OPENSUSE-SU-2022:0723-1", "OPENSUSE-SU-2022:0724-1", "OPENSUSE-SU-2022:1091-1", "OPENSUSE-SU-2022:2328-1", "OPENSUSE-SU-2022:2361-1", "OPENSUSE-SU-2022:2546-1", "OPENSUSE-SU-2022:2882-1", "OPENSUSE-SU-2022:2947-1", "SUSE-SU-2022:1307-1", "SUSE-SU-2022:1431-1", "SUSE-SU-2022:1688-1", "SUSE-SU-2022:1718-1", "SUSE-SU-2022:1829-1", "SUSE-SU-2022:1844-1", "SUSE-SU-2022:1862-1", "SUSE-SU-2022:1883-1", "SUSE-SU-2022:1898-1", "SUSE-SU-2022:2004-1", "SUSE-SU-2022:2005-1", "SUSE-SU-2022:2071-1", "SUSE-SU-2022:2072-1", "SUSE-SU-2022:2102-1", "SUSE-SU-2022:2174-1", "SUSE-SU-2022:2251-1", "SUSE-SU-2022:2251-2", "SUSE-SU-2022:2291-1", "SUSE-SU-2022:2305-1", "SUSE-SU-2022:2306-1", "SUSE-SU-2022:2308-1", "SUSE-SU-2022:2321-1", "SUSE-SU-2022:2327-1", "SUSE-SU-2022:2327-2", "SUSE-SU-2022:2328-1", "SUSE-SU-2022:2344-1", "SUSE-SU-2022:2357-1", "SUSE-SU-2022:2357-2", "SUSE-SU-2022:2360-1", "SUSE-SU-2022:2361-1", "SUSE-SU-2022:2523-1", "SUSE-SU-2022:2525-1", "SUSE-SU-2022:2546-1", "SUSE-SU-2022:2671-1", "SUSE-SU-2022:2672-1", "SUSE-SU-2022:2882-1", "SUSE-SU-2022:2919-1", "SUSE-SU-2022:2947-1", "SUSE-SU-2022:3162-1", "SUSE-SU-2022:3252-1", "SUSE-SU-2022:3321-1", "SUSE-SU-2022:3333-1", "SUSE-SU-2022:3489-1", "SUSE-SU-2022:3597-1", "SUSE-SU-2022:3683-1", "SUSE-SU-2022:3871-1"]}, {"type": "thn", "idList": ["THN:BF4AE09A315FD10E056B189C3AD06B28"]}, {"type": "threatpost", "idList": ["THREATPOST:7016E3D2F3480C9399BCD12F9CE0D562"]}, {"type": "ubuntu", "idList": ["USN-5262-1", "USN-5342-1", "USN-5366-1", "USN-5366-2", "USN-5394-1", "USN-5402-1", "USN-5402-2", "USN-5408-1", "USN-5453-1", "USN-5457-1", "USN-5464-1", "USN-5488-1", "USN-5488-2", "USN-5495-1", "USN-5498-1", "USN-5499-1", "USN-5502-1", "USN-5503-1", "USN-5503-2", "USN-5507-1", "USN-5519-1", "USN-5522-1", "USN-5528-1", "USN-5548-1", "USN-5550-1", "USN-5569-1", "USN-5570-1", "USN-5570-2", "USN-5573-1", "USN-5615-1", "USN-5615-2", "USN-5627-1", "USN-5638-1", "USN-5638-2", "USN-5688-1", "USN-5688-2", "USN-5726-1", "USN-5800-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-20107", "UB:CVE-2016-3709", "UB:CVE-2020-0256", "UB:CVE-2020-35525", "UB:CVE-2020-35527", "UB:CVE-2021-0308", "UB:CVE-2021-38561", "UB:CVE-2021-44716", "UB:CVE-2021-44717", "UB:CVE-2022-0391", "UB:CVE-2022-0934", "UB:CVE-2022-1292", "UB:CVE-2022-1304", "UB:CVE-2022-1586", "UB:CVE-2022-1705", "UB:CVE-2022-1785", "UB:CVE-2022-1897", "UB:CVE-2022-1927", "UB:CVE-2022-1962", "UB:CVE-2022-2068", "UB:CVE-2022-2097", "UB:CVE-2022-22624", "UB:CVE-2022-22628", "UB:CVE-2022-22629", "UB:CVE-2022-22662", "UB:CVE-2022-23772", "UB:CVE-2022-23773", "UB:CVE-2022-23806", "UB:CVE-2022-24795", "UB:CVE-2022-2509", "UB:CVE-2022-25308", "UB:CVE-2022-25309", "UB:CVE-2022-25310", "UB:CVE-2022-26700", "UB:CVE-2022-26709", "UB:CVE-2022-26710", "UB:CVE-2022-26716", "UB:CVE-2022-26717", "UB:CVE-2022-26719", "UB:CVE-2022-27404", "UB:CVE-2022-27405", "UB:CVE-2022-27406", "UB:CVE-2022-28131", "UB:CVE-2022-29526", "UB:CVE-2022-30293", "UB:CVE-2022-30629", "UB:CVE-2022-30630", "UB:CVE-2022-30631", "UB:CVE-2022-30632", "UB:CVE-2022-30633", "UB:CVE-2022-30635", "UB:CVE-2022-30698", "UB:CVE-2022-30699", "UB:CVE-2022-32148", "UB:CVE-2022-32206", "UB:CVE-2022-32208", "UB:CVE-2022-34903", "UB:CVE-2022-3515", "UB:CVE-2022-37434", "UB:CVE-2022-40674", "UB:CVE-2022-42898"]}, {"type": "veracode", "idList": ["VERACODE:29038", "VERACODE:29199", "VERACODE:33334", "VERACODE:33335", "VERACODE:34059", "VERACODE:34197", "VERACODE:34198", "VERACODE:34216", "VERACODE:34979", "VERACODE:35056", "VERACODE:35154", "VERACODE:35155", "VERACODE:35156", "VERACODE:35167", "VERACODE:35440", "VERACODE:35474", "VERACODE:35508", "VERACODE:35559", "VERACODE:35560", "VERACODE:35561", "VERACODE:35607", "VERACODE:35610", "VERACODE:35611", "VERACODE:35968", "VERACODE:36086", "VERACODE:36189", "VERACODE:36190", "VERACODE:36245", "VERACODE:36271", "VERACODE:36367", "VERACODE:36440", "VERACODE:36442", "VERACODE:36448", "VERACODE:36463", "VERACODE:36480", "VERACODE:36481", "VERACODE:36482", "VERACODE:36483", "VERACODE:36484", "VERACODE:36485", "VERACODE:36528", "VERACODE:36586", "VERACODE:36616", "VERACODE:36617", "VERACODE:36620", "VERACODE:36630", "VERACODE:36636", "VERACODE:36642", "VERACODE:36743", "VERACODE:37039", "VERACODE:37064", "VERACODE:37065", "VERACODE:37634", "VERACODE:38143", "VERACODE:38694", "VERACODE:38695", "VERACODE:38696", "VERACODE:38697", "VERACODE:38698", "VERACODE:38699", "VERACODE:38700", "VERACODE:38897"]}, {"type": "zdi", "idList": ["ZDI-22-1463", "ZDI-22-1464", "ZDI-22-1465", "ZDI-22-517"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "epss": [{"cve": "CVE-2015-20107", "epss": "0.001100000", "percentile": "0.424300000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3709", "epss": "0.000460000", "percentile": "0.138900000", "modified": "2023-03-20"}, {"cve": "CVE-2020-0256", "epss": "0.000530000", "percentile": "0.191950000", "modified": "2023-03-20"}, {"cve": "CVE-2020-35525", "epss": "0.000460000", "percentile": "0.138900000", "modified": "2023-03-20"}, {"cve": "CVE-2020-35527", "epss": "0.000910000", "percentile": "0.374240000", "modified": "2023-03-20"}, {"cve": "CVE-2021-0308", "epss": "0.000530000", "percentile": "0.191500000", "modified": "2023-03-20"}, {"cve": "CVE-2021-38561", "epss": "0.000540000", "percentile": "0.195400000", "modified": "2023-03-20"}, {"cve": "CVE-2021-44716", "epss": "0.000980000", "percentile": "0.393050000", "modified": "2023-03-20"}, {"cve": "CVE-2021-44717", "epss": "0.001090000", "percentile": "0.421550000", "modified": "2023-03-20"}, {"cve": "CVE-2022-0391", "epss": "0.000780000", "percentile": "0.315850000", "modified": "2023-03-20"}, {"cve": "CVE-2022-0934", "epss": "0.000580000", "percentile": "0.218980000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1292", "epss": "0.597600000", "percentile": "0.971660000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1304", "epss": "0.000550000", "percentile": "0.210350000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1586", "epss": "0.000950000", "percentile": "0.386580000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1705", "epss": "0.000830000", "percentile": "0.335960000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1785", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1798", "epss": "0.000440000", "percentile": "0.084120000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1897", "epss": "0.000550000", "percentile": "0.208320000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1927", "epss": "0.000530000", "percentile": "0.189810000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1962", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2022-2068", "epss": "0.265690000", "percentile": "0.959970000", "modified": "2023-03-20"}, {"cve": "CVE-2022-2097", "epss": "0.001300000", "percentile": "0.461290000", "modified": "2023-03-20"}, {"cve": "CVE-2022-22624", "epss": "0.000880000", "percentile": "0.359930000", "modified": "2023-03-20"}, {"cve": "CVE-2022-22628", "epss": "0.000850000", "percentile": "0.345590000", "modified": "2023-03-20"}, {"cve": "CVE-2022-22629", "epss": "0.001030000", "percentile": "0.404910000", "modified": "2023-03-20"}, {"cve": "CVE-2022-22662", "epss": "0.000650000", "percentile": "0.266810000", "modified": "2023-03-20"}, {"cve": "CVE-2022-23772", "epss": "0.001550000", "percentile": "0.500950000", "modified": "2023-03-20"}, {"cve": "CVE-2022-23773", "epss": "0.000750000", "percentile": "0.302490000", "modified": "2023-03-20"}, {"cve": "CVE-2022-23806", "epss": "0.001580000", "percentile": "0.505590000", "modified": "2023-03-20"}, {"cve": "CVE-2022-24795", "epss": "0.000690000", "percentile": "0.280670000", "modified": "2023-03-20"}, {"cve": "CVE-2022-2509", "epss": "0.000470000", "percentile": "0.143990000", "modified": "2023-03-20"}, {"cve": "CVE-2022-25308", "epss": "0.000530000", "percentile": "0.191460000", "modified": "2023-03-20"}, {"cve": "CVE-2022-25309", "epss": "0.000440000", "percentile": "0.082080000", "modified": "2023-03-20"}, {"cve": "CVE-2022-25310", "epss": "0.000440000", "percentile": "0.082080000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26700", "epss": "0.000810000", "percentile": "0.330280000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26709", "epss": "0.000850000", "percentile": "0.345590000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26710", "epss": "0.000880000", "percentile": "0.359930000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26716", "epss": "0.000810000", "percentile": "0.330280000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26717", "epss": "0.001040000", "percentile": "0.410910000", "modified": "2023-03-20"}, {"cve": "CVE-2022-26719", "epss": "0.000810000", "percentile": "0.330280000", "modified": "2023-03-20"}, {"cve": "CVE-2022-27404", "epss": "0.001090000", "percentile": "0.422490000", "modified": "2023-03-20"}, {"cve": "CVE-2022-27405", "epss": "0.000580000", "percentile": "0.224270000", "modified": "2023-03-20"}, {"cve": "CVE-2022-27406", "epss": "0.000540000", "percentile": "0.197430000", "modified": "2023-03-20"}, {"cve": "CVE-2022-28131", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-29526", "epss": "0.001360000", "percentile": "0.473570000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30293", "epss": "0.000730000", "percentile": "0.295640000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30629", "epss": "0.000520000", "percentile": "0.181730000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30630", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30631", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30632", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30633", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30635", "epss": "0.000560000", "percentile": "0.210780000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30698", "epss": "0.000680000", "percentile": "0.277490000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30699", "epss": "0.000680000", "percentile": "0.277490000", "modified": "2023-03-20"}, {"cve": "CVE-2022-32148", "epss": "0.000520000", "percentile": "0.181730000", "modified": "2023-03-20"}, {"cve": "CVE-2022-32206", "epss": "0.000720000", "percentile": "0.290800000", "modified": "2023-03-20"}, {"cve": "CVE-2022-32208", "epss": "0.001380000", "percentile": "0.475010000", "modified": "2023-03-20"}, {"cve": "CVE-2022-34903", "epss": "0.001410000", "percentile": "0.481270000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3515", "epss": "0.002600000", "percentile": "0.620140000", "modified": "2023-03-20"}, {"cve": "CVE-2022-37434", "epss": "0.002560000", "percentile": "0.616830000", "modified": "2023-03-20"}, {"cve": "CVE-2022-40674", "epss": "0.001060000", "percentile": "0.415840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-42898", "epss": "0.001180000", "percentile": "0.442360000", "modified": "2023-03-20"}], "vulnersScore": 0.7}, "_state": {"dependencies": 1674573445, "score": 1674576001, "epss": 1679355295}, "_internal": {"score_hash": "e5643d13bfe8aecf90ea4ad0338f9063"}, "affectedPackage": [], "vendorCvss": {"severity": "important"}}

{"redhat": [{"lastseen": "2022-12-01T18:07:37", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not 'latest' (BZ#2102694)\n\n* [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1 images.\n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-01T18:00:01", "type": "redhat", "title": "(RHSA-2022:8750) Moderate: OpenShift Virtualization 4.11.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2016-3709", "CVE-2020-0256", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-0308", "CVE-2021-38561", "CVE-2022-0391", "CVE-2022-0934", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-24675", "CVE-2022-24795", "CVE-2022-24921", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-40674"], "modified": "2022-12-01T18:00:15", "id": "RHSA-2022:8750", "href": "https://access.redhat.com/errata/RHSA-2022:8750", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-15T10:06:25", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T06:14:22", "type": "redhat", "title": "(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T08:05:02", "id": "RHSA-2022:8054", "href": "https://access.redhat.com/errata/RHSA-2022:8054", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T08:46:30", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:46", "type": "redhat", "title": "(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T07:49:12", "id": "RHSA-2022:7704", "href": "https://access.redhat.com/errata/RHSA-2022:7704", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-13T18:11:18", "description": "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T13:57:18", "type": "redhat", "title": "(RHSA-2022:8964) Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-37434", "CVE-2022-3782", "CVE-2022-3916", "CVE-2022-42898"], "modified": "2022-12-13T13:57:35", "id": "RHSA-2022:8964", "href": "https://access.redhat.com/errata/RHSA-2022:8964", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-16T12:06:26", "description": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T10:51:23", "type": "redhat", "title": "(RHSA-2022:7435) Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36518", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-11-16T10:51:42", "id": "RHSA-2022:7435", "href": "https://access.redhat.com/errata/RHSA-2022:7435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-25T12:00:53", "description": "This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T11:19:13", "type": "redhat", "title": "(RHSA-2022:6188) Important: Node Maintenance Operator 4.11.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-32148"], "modified": "2022-08-25T11:19:26", "id": "RHSA-2022:6188", "href": "https://access.redhat.com/errata/RHSA-2022:6188", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-10T08:06:06", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T18:47:41", "type": "redhat", "title": "(RHSA-2022:6283) Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31107", "CVE-2022-32148"], "modified": "2022-11-10T07:54:10", "id": "RHSA-2022:6283", "href": "https://access.redhat.com/errata/RHSA-2022:6283", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-24T15:07:31", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\u00a0This advisory contains OpenShift Virtualization 4.12.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-24T12:45:04", "type": "redhat", "title": "(RHSA-2023:0407) Moderate: OpenShift Virtualization 4.12.0 RPMs security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-24921", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-01-24T12:45:24", "id": "RHSA-2023:0407", "href": "https://access.redhat.com/errata/RHSA-2023:0407", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-11-21T10:06:55", "description": "Go Toolset provides the Go programming language tools and libraries. Go is\nalternatively known as golang.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Clean up dist-git patches (BZ#2109172)\n\n* Update Go to version 1.17.12 (BZ#2109184)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-02T08:55:32", "type": "redhat", "title": "(RHSA-2022:5866) Important: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-21T09:11:12", "id": "RHSA-2022:5866", "href": "https://access.redhat.com/errata/RHSA-2022:5866", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-03T22:47:41", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Clean up dist-git patches (BZ#2110942)\n\n* Update Go to version 1.17.12 (BZ#2110943)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-01T08:57:38", "type": "redhat", "title": "(RHSA-2022:5775) Important: go-toolset:rhel8 security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-03T21:07:10", "id": "RHSA-2022:5775", "href": "https://access.redhat.com/errata/RHSA-2022:5775", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-13T02:22:53", "description": "Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in\nthe References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T02:09:25", "type": "redhat", "title": "(RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-43565", "CVE-2022-1304", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27191", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-39399"], "modified": "2022-12-13T02:09:38", "id": "RHSA-2022:8938", "href": "https://access.redhat.com/errata/RHSA-2022:8938", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:44:52", "description": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include bug\nfixes and container upgrades. \n\nNote: Gatekeeper support from the Red Hat support team is limited to where it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity fix:\n\n* CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add\n\n* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:43", "type": "redhat", "title": "(RHSA-2022:6348) Moderate: Gatekeeper Operator v0.2 security and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40528", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:05", "id": "RHSA-2022:6348", "href": "https://access.redhat.com/errata/RHSA-2022:6348", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-06T15:44:52", "description": "Multicluster engine for Kubernetes 2.1 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.\n\nSecurity fixes:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n\nBug fixes:\n\n* MCE 2.1.0 Images (BZ# 2090907)\n\n* cluster-proxy-agent not able to startup (BZ# 2109394)\n\n* Create cluster button skips Infrastructure page, shows blank page (BZ# 2110713)\n\n* AWS Icon sometimes doesn't show up in create cluster wizard (BZ# 2110734)\n\n* Infrastructure descriptions in create cluster catalog should be consistent and clear (BZ# 2110811)\n\n* The user with clusterset view permission should not able to update the namespace binding with the pencil icon on clusterset details page (BZ# 2111483)\n\n* hypershift cluster creation -> not all agent labels are shown in the node pools screen (BZ# 2112326)\n\n* CIM - SNO expansion, worker node status incorrect (BZ# 2114735)\n\n* Wizard fields are not pre-filled after picking credentials (BZ# 2117163)\n\n* ManagedClusterImageRegistry CR is wrong in pure MCE env", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:07", "type": "redhat", "title": "(RHSA-2022:6345) Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29154", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31129", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:04", "id": "RHSA-2022:6345", "href": "https://access.redhat.com/errata/RHSA-2022:6345", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-19T22:04:53", "description": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T21:26:08", "type": "redhat", "title": "(RHSA-2022:7058) Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2022-0391", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24675", "CVE-2022-2832", "CVE-2022-29154", "CVE-2022-30632", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903", "CVE-2022-40674"], "modified": "2022-10-19T21:35:57", "id": "RHSA-2022:7058", "href": "https://access.redhat.com/errata/RHSA-2022:7058", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-15T02:08:37", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T01:56:18", "type": "redhat", "title": "(RHSA-2022:9047) Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1122", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-30293", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-42898"], "modified": "2022-12-15T01:56:30", "id": "RHSA-2022:9047", "href": "https://access.redhat.com/errata/RHSA-2022:9047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-18T15:28:26", "description": "This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12.\n\nSecurity Fixes:\n\nImportant:\n- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nModerate:\n- golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For\nnot working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact; a CVSS\nscore; acknowledgments; and other related information refer to the CVE page(s)\nlisted in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-18T14:51:43", "type": "redhat", "title": "(RHSA-2022:6113) Important: Red Hat Application Interconnect 1.0 Release (rpms)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-32148"], "modified": "2022-08-18T15:06:51", "id": "RHSA-2022:6113", "href": "https://access.redhat.com/errata/RHSA-2022:6113", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T15:44:52", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:02:19", "type": "redhat", "title": "(RHSA-2022:6346) Moderate: RHSA: Submariner 0.13 - security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2021-40528", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-28131", "CVE-2022-29824", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:03:04", "id": "RHSA-2022:6346", "href": "https://access.redhat.com/errata/RHSA-2022:6346", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-06T15:44:52", "description": "VolSync v0.5\n\nVolSync is a Kubernetes operator that enables asynchronous replication of\npersistent volumes within a cluster, or across clusters. After deploying\nthe VolSync operator, it can create and maintain copies of your persistent\ndata.\n\nFor more information about VolSync, see:\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#volsync\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/.\n\nThis advisory contains a security fix and updates to the VolSync\ncontainer images.\n\nSecurity fixes:\n\n* CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-06T12:02:31", "type": "redhat", "title": "(RHSA-2022:6347) Moderate: VolSync 0.5 security fixes and updates", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-27191", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-09-06T12:03:05", "id": "RHSA-2022:6347", "href": "https://access.redhat.com/errata/RHSA-2022:6347", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-09-06T22:01:48", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix security issues and several bugs. See the following Release Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T21:05:46", "type": "redhat", "title": "(RHSA-2022:6370) Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-1962", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-28131", "CVE-2022-29154", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-31129", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-32250"], "modified": "2022-09-06T21:06:11", "id": "RHSA-2022:6370", "href": "https://access.redhat.com/errata/RHSA-2022:6370", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T12:11:39", "description": "Security Fix(es):\n\n* mtr-web-container: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-26T11:33:15", "type": "redhat", "title": "(RHSA-2023:0470) Important: Migration Toolkit for Runtimes security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1471", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-2509", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-42898", "CVE-2022-42920"], "modified": "2023-01-26T11:33:34", "id": "RHSA-2023:0470", "href": "https://access.redhat.com/errata/RHSA-2023:0470", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-25T08:01:32", "description": "The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T05:48:25", "type": "redhat", "title": "(RHSA-2022:6184) Important: Self Node Remediation Operator 0.4.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30631"], "modified": "2022-08-25T05:48:42", "id": "RHSA-2022:6184", "href": "https://access.redhat.com/errata/RHSA-2022:6184", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-06T15:44:52", "description": "Logging Subsystem 5.4.5 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T13:30:30", "type": "redhat", "title": "(RHSA-2022:6183) Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1705", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32148", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T13:30:39", "id": "RHSA-2022:6183", "href": "https://access.redhat.com/errata/RHSA-2022:6183", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-26T16:03:29", "description": "Release of RHACS 3.72 provides these changes:\n\nNew features\n* Automatic removal of nonactive clusters from RHACS: RHACS provides the ability to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. \n* Support for unauthenticated email integration: RHACS now supports unauthenticated SMTP for email integrations. This is insecure and not recommended.\n* Support for Quay robot accounts: RHACS now supports use of robot accounts in quay.io integrations. You can create robot accounts in Quay that allow you to share credentials for use in multiple repositories.\n* Ability to view Dockerfile lines in images that introduced components with Common Vulnerabilities and Exposures (CVEs): In the Images view, under Image Findings, you can view individual lines in the Dockerfile that introduced the components that have been identified as containing CVEs.\n* Network graph improvements: RHACS 3.72 includes some improvements to the Network Graph user interface.\n\nKnown issue\n* RHACS shows the wrong severity when two severities exist for a single vulnerability in a single distribution. This issue occurs because RHACS scopes severities by namespace rather than component. There is no workaround. It is anticipated that an upcoming release will include a fix for this issue. (ROX-12527)\n\nBug fixes\n* Before this update, the steps to configure OpenShift Container Platform OAuth for more than one URI were missing. The documentation has been revised to include instructions for configuring OAuth in OpenShift Container Platform to use more than one URI. For more information, see Creating additional routes for the OpenShift Container Platform OAuth server. (ROX-11296)\n* Before this update, the autogenerated image integration, such as a Docker registry integration, for a cluster is not deleted when the cluster is removed from Central. This issue is fixed. (ROX-9398)\n* Before this update, the Image OS policy criteria did not support regular expressions, or regex. However, the documentation indicated that regular expressions were supported. This issue is fixed by adding support for regular expressions for the Image OS policy criteria. (ROX-12301)\n* Before this update, the syslog integration did not respect a configured TCP proxy. This is now fixed.\n* Before this update, the scanner-db pod failed to start when a resource quota was set for the stackrox namespace, because the init-db container in the pod did not have any resources assigned to it. The init-db container for ScannerDB now specifies resource requests and limits that match the db container. (ROX-12291)\n\nNotable technical changes\n* Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally available (GA). RHACS 3.72 introduces support for analyzing images built with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux (RHEL) 9 RPMs for vulnerabilities.\n* Policy for CVEs with fixable CVSS of 6 or greater disabled by default: Beginning with this release, the Fixable CVSS >= 6 and Privileged policy is no longer enabled by default for new RHACS installations. The configuration of this policy is not changed when upgrading an existing system. A new policy Privileged Containers with Important and Critical Fixable CVEs, which gives an alert for containers running in privileged mode that have important or critical fixable vulnerabilities, has been added.\n\nSecurity Fix(es)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-26T15:24:52", "type": "redhat", "title": "(RHSA-2022:6714) Moderate: RHACS 3.72 enhancement and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2022-0391", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327", "CVE-2022-29154", "CVE-2022-29526", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2022-09-26T15:25:11", "id": "RHSA-2022:6714", "href": "https://access.redhat.com/errata/RHSA-2022:6714", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-06T15:44:52", "description": "Openshift Logging Bug Fix Release (5.3.11)\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T12:05:37", "type": "redhat", "title": "(RHSA-2022:6182) Moderate: Openshift Logging Security and Bug Fix update (5.3.11)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-32206", "CVE-2022-32208"], "modified": "2022-09-06T12:05:47", "id": "RHSA-2022:6182", "href": "https://access.redhat.com/errata/RHSA-2022:6182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-01T06:01:10", "description": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.0\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-01T05:38:54", "type": "redhat", "title": "(RHSA-2022:6152) Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-24675", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-09-01T05:39:02", "id": "RHSA-2022:6152", "href": "https://access.redhat.com/errata/RHSA-2022:6152", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-15T10:06:25", "description": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-15T06:19:30", "type": "redhat", "title": "(RHSA-2022:8250) Moderate: grafana-pcp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-15T08:00:58", "id": "RHSA-2022:8250", "href": "https://access.redhat.com/errata/RHSA-2022:8250", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-08T08:46:30", "description": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-08T06:25:29", "type": "redhat", "title": "(RHSA-2022:7648) Moderate: grafana-pcp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-08T07:47:01", "id": "RHSA-2022:7648", "href": "https://access.redhat.com/errata/RHSA-2022:7648", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T02:13:35", "description": "Service Binding manages the data plane for applications and backing services.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-27T00:54:13", "type": "redhat", "title": "(RHSA-2023:0918) Moderate: Service Binding Operator security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-42898", "CVE-2022-47629"], "modified": "2023-02-27T00:54:29", "id": "RHSA-2023:0918", "href": "https://access.redhat.com/errata/RHSA-2023:0918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-04T12:05:45", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nThe golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Clean up dist-git patches (BZ#2109174)\n\n* Update Go to version 1.17.12 (BZ#2109183)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-01T15:29:25", "type": "redhat", "title": "(RHSA-2022:5799) Important: go-toolset and golang security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-29526", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-04T10:39:02", "id": "RHSA-2022:5799", "href": "https://access.redhat.com/errata/RHSA-2022:5799", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T22:12:55", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T20:03:23", "type": "redhat", "title": "(RHSA-2023:0795) Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-15T20:43:54", "id": "RHSA-2023:0795", "href": "https://access.redhat.com/errata/RHSA-2023:0795", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-28T04:07:23", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T02:40:48", "type": "redhat", "title": "(RHSA-2022:8634) Moderate: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-2509", "CVE-2022-27191", "CVE-2022-27664", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32190", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674"], "modified": "2022-11-28T02:40:59", "id": "RHSA-2022:8634", "href": "https://access.redhat.com/errata/RHSA-2022:8634", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-19T18:06:19", "description": "This release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T12:51:53", "type": "redhat", "title": "(RHSA-2022:7055) Moderate: RHOSDT 2.6.0 operator/operand containers Security Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2021-3918", "CVE-2022-0391", "CVE-2022-0536", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1650", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-24785", "CVE-2022-31129", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-34903"], "modified": "2022-10-19T12:52:24", "id": "RHSA-2022:7055", "href": "https://access.redhat.com/errata/RHSA-2022:7055", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-23T15:11:35", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:6102\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-x86_64\n\nThe image digest is sha256:97410a5db655a9d3017b735c2c0747c849d09ff551765e49d5272b80c024a844\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-s390x\n\nThe image digest is sha256:13734de7e796e46f5403ef9ee918be88c12fdc9b73acb8777e0cc7c56a276794\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-ppc64le\n\nThe image digest is sha256:d0019b6b8b32cc9fea06562e6ce175086fa7de7b2b7dce171a8ac1a57f92f10b\n\n(For aarch64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-aarch64\n\nThe image digest is sha256:3394a79e173ac17bc96a7256665701d3d7e2a95535a12f2ceb19ceb41dcd6b79 \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T15:00:01", "type": "redhat", "title": "(RHSA-2022:6103) Moderate: OpenShift Container Platform 4.11.1 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30629", "CVE-2022-30631", "CVE-2022-32250"], "modified": "2022-08-23T15:01:59", "id": "RHSA-2022:6103", "href": "https://access.redhat.com/errata/RHSA-2022:6103", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T08:46:30", "description": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-08T06:22:08", "type": "redhat", "title": "(RHSA-2022:7529) Moderate: container-tools:3.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1708", "CVE-2022-1962", "CVE-2022-21698", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-32148"], "modified": "2022-11-08T07:21:36", "id": "RHSA-2022:7529", "href": "https://access.redhat.com/errata/RHSA-2022:7529", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-30T18:12:00", "description": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-30T16:30:30", "type": "redhat", "title": "(RHSA-2023:0542) Important: Red Hat OpenShift Service Mesh 2.3.1 Containers security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2021-23648", "CVE-2021-4238", "CVE-2021-46848", "CVE-2022-1304", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-21673", "CVE-2022-21698", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-28131", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-37434", "CVE-2022-39278", "CVE-2022-3962", "CVE-2022-41715", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-01-30T16:30:42", "id": "RHSA-2023:0542", "href": "https://access.redhat.com/errata/RHSA-2023:0542", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-03T16:55:06", "description": "Service Binding Operator 1.3.1 is now available for OpenShift Developer Tools and Services for OCP 4.9 +\n\nSecurity Fix(es):\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-03T13:07:58", "type": "redhat", "title": "(RHSA-2022:7407) Moderate: Service Binding Operator 1.3.1 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-2509", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434"], "modified": "2022-11-03T13:08:21", "id": "RHSA-2022:7407", "href": "https://access.redhat.com/errata/RHSA-2022:7407", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T11:59:35", "description": "Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n- go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n- golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact; a CVSS\nscore; acknowledgments; and other related information refer to the CVE page(s)\nlisted in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-10T11:16:48", "type": "redhat", "title": "(RHSA-2022:6042) Important: Release of OpenShift Serverless Client kn 1.24.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-1996", "CVE-2022-21698", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-08-10T11:31:17", "id": "RHSA-2022:6042", "href": "https://access.redhat.com/errata/RHSA-2022:6042", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-18T18:01:33", "description": "Logging Subsystem 5.5.0 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-18T16:00:25", "type": "redhat", "title": "(RHSA-2022:6051) Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38561", "CVE-2022-0759", "CVE-2022-1012", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21698", "CVE-2022-30631", "CVE-2022-32250"], "modified": "2022-08-18T16:00:42", "id": "RHSA-2022:6051", "href": "https://access.redhat.com/errata/RHSA-2022:6051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T18:35:40", "description": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker CRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests (ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-07T16:35:37", "type": "redhat", "title": "(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 - bug fix and security updates", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46848", "CVE-2022-1304", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-2509", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27664", "CVE-2022-2880", "CVE-2022-30293", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-3515", "CVE-2022-35737", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41715", "CVE-2022-41717", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680"], "modified": "2023-02-07T16:35:58", "id": "RHSA-2023:0631", "href": "https://access.redhat.com/errata/RHSA-2023:0631", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-15T10:06:25", "description": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-15T06:15:31", "type": "redhat", "title": "(RHSA-2022:8098) Moderate: toolbox security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632"], "modified": "2022-11-15T08:05:00", "id": "RHSA-2022:8098", "href": "https://access.redhat.com/errata/RHSA-2022:8098", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-14T15:55:29", "description": "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read [important]\n* CVE-2021-41103 golang: containerd: insufficiently restricted permissions on container root and plugin directories [medium]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T12:42:43", "type": "redhat", "title": "(RHSA-2022:6517) Important: Release of containers for OSP 16.2.z director operator tech preview", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41103", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-30631"], "modified": "2022-09-14T12:42:57", "id": "RHSA-2022:6517", "href": "https://access.redhat.com/errata/RHSA-2022:6517", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-13T10:37:20", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168097", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168097);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/22\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-8054 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T03:58:52", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : webkit2gtk3 (RHSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/167607", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8054. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167607);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8054\");\n\n script_name(english:\"RHEL 9 : webkit2gtk3 (RHSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8054 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-12T15:08:48", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:glib2", "p-cpe:/a:oracle:linux:glib2-devel", "p-cpe:/a:oracle:linux:glib2-doc", "p-cpe:/a:oracle:linux:glib2-fam", "p-cpe:/a:oracle:linux:glib2-static", "p-cpe:/a:oracle:linux:glib2-tests", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167533", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167533);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/15\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n\n script_name(english:\"Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7704 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7704.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-159.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-159.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glib2 / glib2-devel / glib2-doc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T06:46:37", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-19T00:00:00", "cpe": ["p-cpe:/a:alma:linux:webkit2gtk3", "p-cpe:/a:alma:linux:webkit2gtk3-devel", "p-cpe:/a:alma:linux:webkit2gtk3-jsc", "p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-8054.NASL", "href": "https://www.tenable.com/plugins/nessus/168001", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168001);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/19\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8054\");\n\n script_name(english:\"AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:8054 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and\n iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2022-26710)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8054.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1173, 120, 200, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-21T22:37:11", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:webkit2gtk3", "p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167812", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7704.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167812);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7704\");\n\n script_name(english:\"Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7704 advisory.\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22624)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously\n crafted web content may lead to arbitrary code execution. (CVE-2022-22628)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-debuginfo / webkit2gtk3-debugsource / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-13T03:58:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "CentOS 8 : webkit2gtk3 (CESA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:webkit2gtk3", "p-cpe:/a:centos:centos:webkit2gtk3-devel", "p-cpe:/a:centos:centos:webkit2gtk3-jsc", "p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel"], "id": "CENTOS8_RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167122", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167122);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"CentOS 8 : webkit2gtk3 (CESA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-12T10:47:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : webkit2gtk3 (RHSA-2022:7704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2022-7704.NASL", "href": "https://www.tenable.com/plugins/nessus/167169", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167169);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7704\");\n\n script_name(english:\"RHEL 8 : webkit2gtk3 (RHSA-2022:7704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7704 advisory.\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code\n execution (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2104789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 200, 416, 787, 1173);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'webkit2gtk3-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.36.7-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-devel / webkit2gtk3-jsc / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T20:58:37", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-01T00:00:00", "type": "nessus", "title": "CentOS 8 : go-toolset:rhel8 (CESA-2022:5775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:2.3:a:centos:centos:delve:*:*:*:*:*:*:*", "cpe:2.3:o:centos:centos:8-stream:*:*:*:*:*:*:*"], "id": "CENTOS8_RHSA-2022-5775.NASL", "href": "https://www.tenable.com/plugins/nessus/163658", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:5775. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163658);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5775\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"CentOS 8 : go-toolset:rhel8 (CESA-2022:5775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5775\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected delve package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:delve\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar appstreams = {\n 'go-toolset:rhel8': [\n {'reference':'delve-1.7.2-1.module_el8.6.0+962+0036b8f3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T14:46:09", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5866 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5866)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-bin:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-docs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-misc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-race:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-src:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-golang-tests:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-runtime:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset-1.17-scldevel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-5866.NASL", "href": "https://www.tenable.com/plugins/nessus/163709", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5866. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163709);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5866\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5866)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5866 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 331, 444, 1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.17-scldevel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/devtools/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/devtools/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/devtools/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/devtools/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/devtools/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/devtools/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'go-toolset-1.17-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-build-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-build-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-bin-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-bin-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-docs-1.17.12-1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-misc-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-misc-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-race-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-src-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-src-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-tests-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-golang-tests-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-runtime-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-runtime-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-scldevel-1.17.12-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17-scldevel-1.17.12-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset-1.17 / go-toolset-1.17-build / go-toolset-1.17-golang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T04:16:13", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-01T00:00:00", "type": "nessus", "title": "RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:go-toolset:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-bin:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-docs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-misc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-race:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-src:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:golang-tests:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:delve:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-5775.NASL", "href": "https://www.tenable.com/plugins/nessus/163672", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5775. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163672);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5775\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 331, 444, 1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'go-toolset:rhel8': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'delve-1.7.2-1.module+el8.6.0+12972+ebab5911', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'delve-1.7.2-1.module+el8.6.0+12972+ebab5911', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:27:08", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-04T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-5775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:delve", "p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2022-5775.NASL", "href": "https://www.tenable.com/plugins/nessus/163810", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5775.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163810);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-5775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5775.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\nif ('ol8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar appstreams = {\n 'go-toolset:ol8': [\n {'reference':'delve-1.7.2-1.0.1.module+el8.6.0+20559+3b94dc2a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.module+el8.6.0+20710+66aa75bb', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:27:10", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5799 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : go-toolset / and / golang (ELSA-2022-5799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests", "cpe:/o:oracle:linux:9"], "id": "ORACLELINUX_ELSA-2022-5799.NASL", "href": "https://www.tenable.com/plugins/nessus/163707", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5799.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163707);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"Oracle Linux 9 : go-toolset / and / golang (ELSA-2022-5799)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-5799 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5799.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'go-toolset-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:27:32", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-06T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : go-toolset:rhel8 (5775) (ALSA-2022:5775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:alma:linux:delve", "p-cpe:/a:alma:linux:go-toolset", "p-cpe:/a:alma:linux:golang", "p-cpe:/a:alma:linux:golang-bin", "p-cpe:/a:alma:linux:golang-docs", "p-cpe:/a:alma:linux:golang-misc", "p-cpe:/a:alma:linux:golang-race", "p-cpe:/a:alma:linux:golang-src", "p-cpe:/a:alma:linux:golang-tests", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-5775.NASL", "href": "https://www.tenable.com/plugins/nessus/163906", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5775.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163906);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"ALSA\", value:\"2022:5775\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"AlmaLinux 8 : go-toolset:rhel8 (5775) (ALSA-2022:5775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5775 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-5775.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar appstreams = {\n 'go-toolset:rhel8': [\n {'reference':'delve-1.7.2-1.module_el8.6.0+2736+ec10aba8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.module_el8.6.0+3065+e17ed2d4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:27:33", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a4f2416c-02a0-11ed-b817-10c37b4ac2ea advisory.\n\n - The Go project reports: net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a chunked encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid.\n When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function set the X-Forwarded-For header value to nil, ReverseProxy would leave the header unmodified as expected. compress/gzip: stack exhaustion in Reader.Read Calling Reader.Read on an archive containing a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion. encoding/xml: stack exhaustion in Unmarshal Calling Unmarshal on a XML document into a Go struct which has a nested field that uses the any field tag can cause a panic due to stack exhaustion.\n encoding/xml: stack exhaustion in Decoder.Skip Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion. encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. path/filepath: stack exhaustion in Glob Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion. io/fs: stack exhaustion in Glob Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion. go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion. (CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "FreeBSD : go -- multiple vulnerabilities (a4f2416c-02a0-11ed-b817-10c37b4ac2ea)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-12-08T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:go117", "p-cpe:/a:freebsd:freebsd:go118", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A4F2416C02A011EDB81710C37B4AC2EA.NASL", "href": "https://www.tenable.com/plugins/nessus/163105", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163105);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"FreeBSD : go -- multiple vulnerabilities (a4f2416c-02a0-11ed-b817-10c37b4ac2ea)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the a4f2416c-02a0-11ed-b817-10c37b4ac2ea advisory.\n\n - The Go project reports: net/http: improper sanitization of Transfer-Encoding header The HTTP/1\n client accepted some invalid Transfer-Encoding headers as indicating a chunked\n encoding. This could potentially allow for request smuggling, but only if combined with an\n intermediate server that also improperly failed to reject the header as invalid.\n When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil\n value for the X-Forwarded-For header, ReverseProxy would set the client IP as the\n value of the X-Forwarded-For header, contrary to its documentation. In the more usual case\n where a Director function set the X-Forwarded-For header value to nil,\n ReverseProxy would leave the header unmodified as expected. compress/gzip: stack exhaustion in\n Reader.Read Calling Reader.Read on an archive containing a large number of concatenated\n 0-length compressed files can cause a panic due to stack exhaustion. encoding/xml: stack\n exhaustion in Unmarshal Calling Unmarshal on a XML document into a Go struct which has a\n nested field that uses the any field tag can cause a panic due to stack exhaustion.\n encoding/xml: stack exhaustion in Decoder.Skip Calling Decoder.Skip when parsing a deeply nested XML\n document can cause a panic due to stack exhaustion. encoding/gob: stack exhaustion in Decoder.Decode\n Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic\n due to stack exhaustion. path/filepath: stack exhaustion in Glob Calling Glob on a path which\n contains a large number of path separators can cause a panic due to stack\n exhaustion. io/fs: stack exhaustion in Glob Calling Glob on a path which contains a large number of\n path separators can cause a panic due to stack exhaustion. go/parser: stack exhaustion in all\n Parse* functions Calling any of the Parse functions on Go source code which contains deeply\n nested types or declarations can cause a panic due to stack exhaustion. (CVE-2022-1705,\n CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633,\n CVE-2022-30635, CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://groups.google.com/g/golang-dev/c/frczlF8OFQ0\");\n # https://vuxml.freebsd.org/freebsd/a4f2416c-02a0-11ed-b817-10c37b4ac2ea.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27a1175e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go117\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go118\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'go117<1.17.12',\n 'go118<1.18.4'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:39:03", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5799 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : go-toolset and golang (ALSA-2022:5799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-24T00:00:00", "cpe": ["p-cpe:/a:alma:linux:golang", "p-cpe:/a:alma:linux:golang-bin", "p-cpe:/a:alma:linux:golang-docs", "p-cpe:/a:alma:linux:golang-misc", "p-cpe:/a:alma:linux:golang-race", "p-cpe:/a:alma:linux:golang-src", "p-cpe:/a:alma:linux:golang-tests", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-5799.NASL", "href": "https://www.tenable.com/plugins/nessus/167694", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:5799.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167694);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/24\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"ALSA\", value:\"2022:5799\");\n\n script_name(english:\"AlmaLinux 9 : go-toolset and golang (ALSA-2022:5799)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:5799 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-5799.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'golang-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang / golang-bin / golang-docs / golang-misc / golang-race / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-15T08:32:53", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2030-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2030-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk-4_0-injected-bundles:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk3-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libjavascriptcoregtk-4_0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk-4_0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk3-lang:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-javascriptcore-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2030-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162007", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2030-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162007);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2030-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:2030-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2030-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011254.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8093dbd0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.36.3-150000.3.103.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:50:13", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2072-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2072-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2072-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162244", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2072-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162244);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2072-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2072-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2072-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011284.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a63466a1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.3-150200.35.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.3-150200.35.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit-jsc-4-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'webkit2gtk3-minibrowser-2.36.3-150200.35.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:51:03", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2071-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2071-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2071-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162241", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2071-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162241);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2071-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2022:2071-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2071-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011283.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?823dde58\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-5_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-5_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_1-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-5_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-soup2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-desktop-applications-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-4.1-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit-jsc-5.0-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-devel-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'webkit2gtk4-minibrowser-2.36.3-150400.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T16:24:47", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2089-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2089-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk-4_0-injected-bundles:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:webkit2gtk3-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libjavascriptcoregtk-4_0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk-4_0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libwebkit2gtk3-lang:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-javascriptcore-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2-4_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2089-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162310", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2089-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162310);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2089-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:2089-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2089-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200106\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011295.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80ab998d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30293\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-bcl-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.36.3-2.99.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.36.3-2.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:53:09", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2671-1 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.17 (SUSE-SU-2022:2671-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.17", "p-cpe:/a:novell:suse_linux:go1.17-doc", "p-cpe:/a:novell:suse_linux:go1.17-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2671-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163878", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2671-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163878);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\",\n \"CVE-2022-32189\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2671-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.17 (SUSE-SU-2022:2671-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2671-1 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an\n attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length\n compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a\n nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an\n attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by\n calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the\n X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For\n header. (CVE-2022-32148)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go\n before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202035\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011802.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?add270d8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32189\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected go1.17, go1.17-doc and / or go1.17-race packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.17-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.17-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.17-race-1.17.13-150000.1.42.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.17-1.17.13-150000.1.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'go1.17-doc-1.17.13-150000.1.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go1.17 / go1.17-doc / go1.17-race');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-10T19:21:28", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2672-1 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:2672-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.18", "p-cpe:/a:novell:suse_linux:go1.18-doc", "p-cpe:/a:novell:suse_linux:go1.18-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2672-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163875", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2672-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163875);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\",\n \"CVE-2022-32189\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2672-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:2672-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2672-1 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an\n attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length\n compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a\n nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an\n attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by\n calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the\n X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For\n header. (CVE-2022-32148)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go\n before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202035\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011804.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62527c7b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32189\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected go1.18, go1.18-doc and / or go1.18-race packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.18-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.18-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'go1.18-1.18.5-150000.1.25.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.18-doc-1.18.5-150000.1.25.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'go1.18-race-1.18.5-150000.1.25.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go1.18 / go1.18-doc / go1.18-race');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T12:46:41", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-23681 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-07T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : ol8addon (ELSA-2022-23681)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2022-11-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:delve", "p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests"], "id": "ORACLELINUX_ELSA-2022-23681.NASL", "href": "https://www.tenable.com/plugins/nessus/167054", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-23681.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167054);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/24\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\",\n \"CVE-2022-32189\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"Oracle Linux 8 : ol8addon (ELSA-2022-23681)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-23681 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a\n panic can occur via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length\n compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a\n nested field that uses the 'any' field tag. (CVE-2022-30633)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an\n attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by\n calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the\n X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For\n header. (CVE-2022-32148)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an\n attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go\n before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-23681.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'delve-1.7.2-1.0.1.module+el8.6.0+20703+24a110ad', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'delve-1.7.2-1.0.1.module+el8.6.0+20703+24a110ad', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.13-1.module+el8.6.0+20868+00b8efc8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.17.13-1.module+el8.6.0+20868+00b8efc8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.17.13-1.0.1.module+el8.6.0+20868+00b8efc8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-23T00:14:22", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8057 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. (CVE-2022-21698)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-30T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : grafana (RLSA-2022:8057)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1705", "CVE-2022-1962", "CVE-2022-21698", "CVE-2022-28131", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:grafana", "p-cpe:/a:rocky:linux:grafana-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-8057.NASL", "href": "https://www.tenable.com/plugins/nessus/170778", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:8057.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170778);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-1962\",\n \"CVE-2022-21698\",\n \"CVE-2022-28131\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RLSA\", value:\"2022:8057\");\n\n script_name(english:\"Rocky Linux 8 : grafana (RLSA-2022:8057)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:8057 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an\n attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package\n in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version\n 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential\n memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an\n instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our\n middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including\n removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected\n promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method\n given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow\n a limited set of methods. (CVE-2022-21698)\n\n - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:8057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2044628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2045880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2055349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2065290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2104367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana and / or grafana-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21698\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:grafana-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'grafana-7.5.15-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-7.5.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-debuginfo-7.5.15-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-debuginfo-7.5.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / grafana-debuginfo');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-25T04:43:02", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5457-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 / 22.04 LTS : WebKitGTK vulnerabilities (USN-5457-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-webkit2-4.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:webkit2gtk-driver:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:22.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:gir1.2-webkit2-4.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev:*:*:*:*:*:*:*"], "id": "UBUNTU_USN-5457-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161750", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5457-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161750);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\"\n );\n script_xref(name:\"USN\", value:\"5457-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 / 22.04 LTS : WebKitGTK vulnerabilities (USN-5457-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5457-1 advisory.\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to code execution. (CVE-2022-26700)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2022-26709)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,\n watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5457-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.20.04.1'},\n {'osver': '21.10', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.21.10.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.3-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T04:48:51", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7648 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : grafana-pcp (RHSA-2022:7648)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:grafana-pcp"], "id": "REDHAT-RHSA-2022-7648.NASL", "href": "https://www.tenable.com/plugins/nessus/167136", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7648. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167136);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7648\");\n\n script_name(english:\"RHEL 8 : grafana-pcp (RHSA-2022:7648)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7648 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107388\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana-pcp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 444, 1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-pcp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-pcp-3.2.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana-pcp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T10:51:20", "description": "The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8250 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : grafana-pcp (RHSA-2022:8250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:grafana-pcp"], "id": "REDHAT-RHSA-2022-8250.NASL", "href": "https://www.tenable.com/plugins/nessus/167619", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8250. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167619);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8250\");\n\n script_name(english:\"RHEL 9 : grafana-pcp (RHSA-2022:8250)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8250 advisory.\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-30635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-32148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2107388\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana-pcp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 444, 1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-pcp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-pcp-3.2.0-3.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana-pcp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T12:41:07", "description": "The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8250 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : grafana-pcp (ALSA-2022:8250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-24T00:00:00", "cpe": ["p-cpe:/a:alma:linux:grafana-pcp", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream"], "id": "ALMA_LINUX_ALSA-2022-8250.NASL", "href": "https://www.tenable.com/plugins/nessus/167986", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8250.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167986);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/24\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8250\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"AlmaLinux 9 : grafana-pcp (ALSA-2022:8250)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nALSA-2022:8250 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length\n compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an\n attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by\n calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the\n X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For\n header. (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8250.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana-pcp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grafana-pcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'grafana-pcp-3.2.0-3.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-pcp-3.2.0-3.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana-pcp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T10:52:24", "description": "The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7648 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : grafana-pcp (ALSA-2022:7648)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1705", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30635", "CVE-2022-32148"], "modified": "2022-11-24T00:00:00", "cpe": ["p-cpe:/a:alma:linux:grafana-pcp", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::appstream"], "id": "ALMA_LINUX_ALSA-2022-7648.NASL", "href": "https://www.tenable.com/plugins/nessus/167294", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7648.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167294);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/24\");\n\n script_cve_id(\n \"CVE-2022-1705\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7648\");\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"AlmaLinux 8 : grafana-pcp (ALSA-2022:7648)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nALSA-2022:7648 advisory.\n\n - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12\n and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly\n fails to reject the header as invalid. (CVE-2022-1705)\n\n - Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a\n panic due to stack exhaustion via a path which contains a large number of path separators.\n (CVE-2022-30630)\n\n - Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker\n to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length\n compressed files. (CVE-2022-30631)\n\n - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to\n cause a panic due to stack exhaustion via a path containing a large number of path separators.\n (CVE-2022-30632)\n\n - Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an\n attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.\n (CVE-2022-30635)\n\n - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by\n calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the\n X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For\n header. (CVE-2022-32148)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7648.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana-pcp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(1325);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grafana-pcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::appstream\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'grafana-pcp-3.2.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-pcp-3.2.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch']